CVE-2013-2776

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

08/04/2013

Last modified:

11/04/2025

Description

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Impact

Vector 2.0

AV:L/AC:M/Au:N/C:P/I:P/A:P CVSS v2.0 Severity and Metrics:

Base Score: 4.40 MEDIUM
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Attack Vector (AV): Local
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): Physical
Integrity (I): Physical
Availability (A): Physical

Base Score 2.0

4.40

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:todd_miller:sudo:1.3.5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.1:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.2:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.2p3:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.3:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.4:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.4p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.6:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.7:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.7p5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.8:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.8p12:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:todd_miller:sudo:1.3.5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.1:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.2:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.2p3:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.3:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.4:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.4p2:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.6:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.7:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.7p5:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.8:::::::*
cpe:2.3:a:todd_miller:sudo:1.6.8p12:::::::*

CVE-2013-2776

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools