CVE-2013-1776

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

08/04/2013

Last modified:

11/04/2025

Description

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Impact

Vector 2.0

AV:L/AC:M/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.40 MEDIUM
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

4.40

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:apple:mac_os_x::::::::		10.10.4 (including)
cpe:2.3:a:todd_miller:sudo:1.8.0:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p3:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p4:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p5:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:apple:mac_os_x::::::::		10.10.4 (including)
cpe:2.3:a:todd_miller:sudo:1.8.0:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.1p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.3p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p1:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p3:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p4:::::::*
cpe:2.3:a:todd_miller:sudo:1.8.4p5:::::::*

CVE-2013-1776

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools