4.4

CVE-2013-2777

EPSS 0.05%
Veröffentlicht 08.04.2013 17:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version <= 10.10.4

Todd Miller ≫ Sudo Version <= 1.7.10p4

Todd Miller ≫ Sudo Version1.3.5

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.2p3

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3_p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.7p5

Todd Miller ≫ Sudo Version1.6.8

Todd Miller ≫ Sudo Version1.6.8p12

Todd Miller ≫ Sudo Version1.6.9

Todd Miller ≫ Sudo Version1.6.9p20

Todd Miller ≫ Sudo Version1.6.9p21

Todd Miller ≫ Sudo Version1.6.9p22

Todd Miller ≫ Sudo Version1.6.9p23

Todd Miller ≫ Sudo Version1.7.0

Todd Miller ≫ Sudo Version1.7.1

Todd Miller ≫ Sudo Version1.7.2

Todd Miller ≫ Sudo Version1.7.2p1

Todd Miller ≫ Sudo Version1.7.2p2

Todd Miller ≫ Sudo Version1.7.2p3

Todd Miller ≫ Sudo Version1.7.2p4

Todd Miller ≫ Sudo Version1.7.2p5

Todd Miller ≫ Sudo Version1.7.2p6

Todd Miller ≫ Sudo Version1.7.2p7

Todd Miller ≫ Sudo Version1.7.3b1

Todd Miller ≫ Sudo Version1.7.4

Todd Miller ≫ Sudo Version1.7.4p1

Todd Miller ≫ Sudo Version1.7.4p2

Todd Miller ≫ Sudo Version1.7.4p3

Todd Miller ≫ Sudo Version1.7.4p4

Todd Miller ≫ Sudo Version1.7.4p5

Todd Miller ≫ Sudo Version1.7.4p6

Todd Miller ≫ Sudo Version1.7.5

Todd Miller ≫ Sudo Version1.7.6

Todd Miller ≫ Sudo Version1.7.6p1

Todd Miller ≫ Sudo Version1.7.6p2

Todd Miller ≫ Sudo Version1.7.7

Todd Miller ≫ Sudo Version1.7.8

Todd Miller ≫ Sudo Version1.7.8p1

Todd Miller ≫ Sudo Version1.7.8p2

Todd Miller ≫ Sudo Version1.7.9

Todd Miller ≫ Sudo Version1.7.9p1

Todd Miller ≫ Sudo Version1.7.10

Todd Miller ≫ Sudo Version1.7.10p1

Todd Miller ≫ Sudo Version1.7.10p2

Todd Miller ≫ Sudo Version1.7.10p3

Todd Miller ≫ Sudo Version1.8.0

Todd Miller ≫ Sudo Version1.8.1

Todd Miller ≫ Sudo Version1.8.1p1

Todd Miller ≫ Sudo Version1.8.1p2

Todd Miller ≫ Sudo Version1.8.2

Todd Miller ≫ Sudo Version1.8.3

Todd Miller ≫ Sudo Version1.8.3p1

Todd Miller ≫ Sudo Version1.8.3p2

Todd Miller ≫ Sudo Version1.8.4

Todd Miller ≫ Sudo Version1.8.4p1

Todd Miller ≫ Sudo Version1.8.4p2

Todd Miller ≫ Sudo Version1.8.4p3

Todd Miller ≫ Sudo Version1.8.4p4

Todd Miller ≫ Sudo Version1.8.4p5

Todd Miller ≫ Sudo Version1.8.5

Todd Miller ≫ Sudo Version1.8.6

Todd Miller ≫ Sudo Version1.8.6p1

Todd Miller ≫ Sudo Version1.8.6p2

Todd Miller ≫ Sudo Version1.8.6p3

Todd Miller ≫ Sudo Version1.8.6p4

Todd Miller ≫ Sudo Version1.8.6p5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.115

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

https://support.apple.com/kb/HT205031

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1701.html

http://www.debian.org/security/2013/dsa-2642

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

http://www.openwall.com/lists/oss-security/2013/02/27/31

http://www.securityfocus.com/bid/58207

http://www.sudo.ws/sudo/alerts/tty_tickets.html

Vendor Advisory

https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

https://bugzilla.redhat.com/show_bug.cgi?id=916365

https://exchange.xforce.ibmcloud.com/vulnerabilities/82453

http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4

Vendor Advisory

http://www.sudo.ws/repos/sudo/rev/bfa23f089bba

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-2777

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-2777

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-2777

EUVD