{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"}, {"name": "58207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58207"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "RHSA-2013:1701", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"}, {"name": "DSA-2642", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2642"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "62741", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/62741"}, {"name": "RHSA-2013:1353", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205031"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2776", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14", "refsource": "CONFIRM", "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"}, {"name": "58207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58207"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "RHSA-2013:1701", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"}, {"name": "DSA-2642", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"name": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa", "refsource": "CONFIRM", "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"}, {"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html", "refsource": "CONFIRM", "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "62741", "refsource": "BID", "url": "http://www.securityfocus.com/bid/62741"}, {"name": "RHSA-2013:1353", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:33.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"}, {"name": "58207", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58207"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "RHSA-2013:1701", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"}, {"name": "DSA-2642", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2642"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "62741", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/62741"}, {"name": "RHSA-2013:1353", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT205031"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2776", "datePublished": "2013-04-08T17:00:00.000Z", "dateReserved": "2013-04-08T00:00:00.000Z", "dateUpdated": "2024-08-06T15:44:33.684Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC4F3BEB-BF2B-4E5F-A376-E23E6B532E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*", "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*", "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*", "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*", "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*", "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*", "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*", "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*", "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*", "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*", "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*", "matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*", "matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*", "matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*", "matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*", "matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*", "matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*", "matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*", "matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*", "matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*", "matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*", "matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*", "matchCriteriaId": "C7958DC3-1D59-47CB-A4C8-40EB675ED08A", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*", "matchCriteriaId": "119AC9FA-3174-4982-A58F-D5F8FACC7411", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*", "matchCriteriaId": "BF14E93E-29CA-4A30-966B-5D71A03A6B0A", "vulnerable": false}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*", "matchCriteriaId": "3E59EA28-3FED-4BBC-AEC6-BE60C3107494", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*", "matchCriteriaId": "D576845C-2645-46E5-B6EE-C23FA80A44B7", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*", "matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*", "matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*", "matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*", "matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*", "matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "DB3D2805-A361-4A13-9E19-889CBE703137", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p1:*:*:*:*:*:*:*", "matchCriteriaId": "00C4F9EE-9907-46E8-980F-FEBC5591C1FD", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p2:*:*:*:*:*:*:*", "matchCriteriaId": "12DD19E7-A84F-4667-BFF7-C8D010648330", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p3:*:*:*:*:*:*:*", "matchCriteriaId": "67E5AA45-D8C7-467C-BB10-0FE923C99D73", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p4:*:*:*:*:*:*:*", "matchCriteriaId": "B9BD09D8-2388-444F-926A-78BD74469928", "vulnerable": false}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p5:*:*:*:*:*:*:*", "matchCriteriaId": "E5F4C1EC-57BE-49E3-82AE-40B987059C41", "vulnerable": false}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}, {"lang": "es", "value": "sudo v1.3.5 hasta v1.7.10p5 y v1.8.0 hasta v1.8.6p6, cuando se ejecuta en sistemas sin /proc o la funci\u00f3n sysctl con la opci\u00f3n tty_tickets habilitada, no valida correctamente el control de dispositivo terminal, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorizaci\u00f3n de otra terminal a trav\u00e9s de vectores relacionados con una sesi\u00f3n sin un dispositivo terminal de control y la conexi\u00f3n a una entrada est\u00e1ndar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asign\u00f3 originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas."}], "id": "CVE-2013-2776", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-08T17:55:01.127", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/58207"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/62741"}, {"source": "cve@mitre.org", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"}, {"source": "cve@mitre.org", "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"source": "cve@mitre.org", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/62741"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/repos/sudo/rev/049a12a5cc14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1353", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "sudo-0:1.7.2p1-28.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-09-30T00:00:00Z"}, {"advisory": "RHSA-2013:1701", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "sudo-0:1.8.6p3-12.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-11-20T00:00:00Z"}], "bugzilla": {"description": "sudo: bypass of tty_tickets constraints", "id": "949751", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=949751"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."], "name": "CVE-2013-2776", "public_date": "2013-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2776\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2776"], "threat_severity": "Low"}

{}