4.4

CVE-2013-1776

EPSS 0.05%
Veröffentlicht 08.04.2013 17:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version <= 10.10.4

Todd Miller ≫ Sudo Version1.8.0

Todd Miller ≫ Sudo Version1.8.1

Todd Miller ≫ Sudo Version1.8.1p1

Todd Miller ≫ Sudo Version1.8.1p2

Todd Miller ≫ Sudo Version1.8.2

Todd Miller ≫ Sudo Version1.8.3

Todd Miller ≫ Sudo Version1.8.3p1

Todd Miller ≫ Sudo Version1.8.3p2

Todd Miller ≫ Sudo Version1.8.4

Todd Miller ≫ Sudo Version1.8.4p1

Todd Miller ≫ Sudo Version1.8.4p2

Todd Miller ≫ Sudo Version1.8.4p3

Todd Miller ≫ Sudo Version1.8.4p4

Todd Miller ≫ Sudo Version1.8.4p5

Todd Miller ≫ Sudo Version1.8.5

Todd Miller ≫ Sudo Version1.3.5

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.2p3

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3_p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.7p5

Todd Miller ≫ Sudo Version1.6.8

Todd Miller ≫ Sudo Version1.6.8p12

Todd Miller ≫ Sudo Version1.6.9

Todd Miller ≫ Sudo Version1.6.9p20

Todd Miller ≫ Sudo Version1.6.9p21

Todd Miller ≫ Sudo Version1.6.9p22

Todd Miller ≫ Sudo Version1.6.9p23

Todd Miller ≫ Sudo Version1.7.0

Todd Miller ≫ Sudo Version1.7.1

Todd Miller ≫ Sudo Version1.7.2

Todd Miller ≫ Sudo Version1.7.2p1

Todd Miller ≫ Sudo Version1.7.2p2

Todd Miller ≫ Sudo Version1.7.2p3

Todd Miller ≫ Sudo Version1.7.2p4

Todd Miller ≫ Sudo Version1.7.2p5

Todd Miller ≫ Sudo Version1.7.2p6

Todd Miller ≫ Sudo Version1.7.2p7

Todd Miller ≫ Sudo Version1.7.3b1

Todd Miller ≫ Sudo Version1.7.4

Todd Miller ≫ Sudo Version1.7.4p1

Todd Miller ≫ Sudo Version1.7.4p2

Todd Miller ≫ Sudo Version1.7.4p3

Todd Miller ≫ Sudo Version1.7.4p4

Todd Miller ≫ Sudo Version1.7.4p5

Todd Miller ≫ Sudo Version1.7.4p6

Todd Miller ≫ Sudo Version1.7.5

Todd Miller ≫ Sudo Version1.7.6

Todd Miller ≫ Sudo Version1.7.6p1

Todd Miller ≫ Sudo Version1.7.6p2

Todd Miller ≫ Sudo Version1.7.7

Todd Miller ≫ Sudo Version1.7.8

Todd Miller ≫ Sudo Version1.7.8p1

Todd Miller ≫ Sudo Version1.7.8p2

Todd Miller ≫ Sudo Version1.7.9

Todd Miller ≫ Sudo Version1.7.9p1

Todd Miller ≫ Sudo Version1.7.10

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.15

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html

http://rhn.redhat.com/errata/RHSA-2013-1353.html

http://www.debian.org/security/2013/dsa-2642

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

http://www.openwall.com/lists/oss-security/2013/02/27/31

http://www.securityfocus.com/bid/58207

http://www.sudo.ws/repos/sudo/rev/632f8e028191

http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0

http://www.sudo.ws/sudo/alerts/tty_tickets.html

Vendor Advisory

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

https://bugzilla.redhat.com/show_bug.cgi?id=916365

https://exchange.xforce.ibmcloud.com/vulnerabilities/82453

https://nvd.nist.gov/vuln/detail/CVE-2013-1776

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1776

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1776

EUVD