4.4

CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Data is provided by the National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.10.4
Todd MillerSudo Version <= 1.7.10p4
Todd MillerSudo Version1.3.5
Todd MillerSudo Version1.6
Todd MillerSudo Version1.6.1
Todd MillerSudo Version1.6.2
Todd MillerSudo Version1.6.2p3
Todd MillerSudo Version1.6.3
Todd MillerSudo Version1.6.3_p7
Todd MillerSudo Version1.6.4
Todd MillerSudo Version1.6.4p2
Todd MillerSudo Version1.6.5
Todd MillerSudo Version1.6.6
Todd MillerSudo Version1.6.7
Todd MillerSudo Version1.6.7p5
Todd MillerSudo Version1.6.8
Todd MillerSudo Version1.6.8p12
Todd MillerSudo Version1.6.9
Todd MillerSudo Version1.6.9p20
Todd MillerSudo Version1.6.9p21
Todd MillerSudo Version1.6.9p22
Todd MillerSudo Version1.6.9p23
Todd MillerSudo Version1.7.0
Todd MillerSudo Version1.7.1
Todd MillerSudo Version1.7.2
Todd MillerSudo Version1.7.2p1
Todd MillerSudo Version1.7.2p2
Todd MillerSudo Version1.7.2p3
Todd MillerSudo Version1.7.2p4
Todd MillerSudo Version1.7.2p5
Todd MillerSudo Version1.7.2p6
Todd MillerSudo Version1.7.2p7
Todd MillerSudo Version1.7.3b1
Todd MillerSudo Version1.7.4
Todd MillerSudo Version1.7.4p1
Todd MillerSudo Version1.7.4p2
Todd MillerSudo Version1.7.4p3
Todd MillerSudo Version1.7.4p4
Todd MillerSudo Version1.7.4p5
Todd MillerSudo Version1.7.4p6
Todd MillerSudo Version1.7.5
Todd MillerSudo Version1.7.6
Todd MillerSudo Version1.7.6p1
Todd MillerSudo Version1.7.6p2
Todd MillerSudo Version1.7.7
Todd MillerSudo Version1.7.8
Todd MillerSudo Version1.7.8p1
Todd MillerSudo Version1.7.8p2
Todd MillerSudo Version1.7.9
Todd MillerSudo Version1.7.9p1
Todd MillerSudo Version1.7.10
Todd MillerSudo Version1.7.10p1
Todd MillerSudo Version1.7.10p2
Todd MillerSudo Version1.7.10p3
Todd MillerSudo Version1.8.0
Todd MillerSudo Version1.8.1
Todd MillerSudo Version1.8.1p1
Todd MillerSudo Version1.8.1p2
Todd MillerSudo Version1.8.2
Todd MillerSudo Version1.8.3
Todd MillerSudo Version1.8.3p1
Todd MillerSudo Version1.8.3p2
Todd MillerSudo Version1.8.4
Todd MillerSudo Version1.8.4p1
Todd MillerSudo Version1.8.4p2
Todd MillerSudo Version1.8.4p3
Todd MillerSudo Version1.8.4p4
Todd MillerSudo Version1.8.4p5
Todd MillerSudo Version1.8.5
Todd MillerSudo Version1.8.6
Todd MillerSudo Version1.8.6p1
Todd MillerSudo Version1.8.6p2
Todd MillerSudo Version1.8.6p3
Todd MillerSudo Version1.8.6p4
Todd MillerSudo Version1.8.6p5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.115
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.4 3.4 6.4
AV:L/AC:M/Au:N/C:P/I:P/A:P