Lucene search

[email protected]NVD:CVE-2013-2777

HistoryApr 08, 2013 - 5:55 p.m.

CVE-2013-2777

2013-04-0817:55:01

CWE-264

[email protected]

web.nvd.nist.gov

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.2%

JSON

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Affected configurations

NVD

Node

applemac_os_xRange≤10.10.4

Node

todd_millersudoRange≤1.7.10p4

todd_millersudoMatch1.3.5

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.2p3

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.7p5

todd_millersudoMatch1.6.8

todd_millersudoMatch1.6.8p12

todd_millersudoMatch1.6.9

todd_millersudoMatch1.6.9p20

todd_millersudoMatch1.6.9p21

todd_millersudoMatch1.6.9p22

todd_millersudoMatch1.6.9p23

todd_millersudoMatch1.7.0

todd_millersudoMatch1.7.1

todd_millersudoMatch1.7.2

todd_millersudoMatch1.7.2p1

todd_millersudoMatch1.7.2p2

todd_millersudoMatch1.7.2p3

todd_millersudoMatch1.7.2p4

todd_millersudoMatch1.7.2p5

todd_millersudoMatch1.7.2p6

todd_millersudoMatch1.7.2p7

todd_millersudoMatch1.7.3b1

todd_millersudoMatch1.7.4

todd_millersudoMatch1.7.4p1

todd_millersudoMatch1.7.4p2

todd_millersudoMatch1.7.4p3

todd_millersudoMatch1.7.4p4

todd_millersudoMatch1.7.4p5

todd_millersudoMatch1.7.4p6

todd_millersudoMatch1.7.5

todd_millersudoMatch1.7.6

todd_millersudoMatch1.7.6p1

todd_millersudoMatch1.7.6p2

todd_millersudoMatch1.7.7

todd_millersudoMatch1.7.8

todd_millersudoMatch1.7.8p1

todd_millersudoMatch1.7.8p2

todd_millersudoMatch1.7.9

todd_millersudoMatch1.7.9p1

todd_millersudoMatch1.7.10

todd_millersudoMatch1.7.10p1

todd_millersudoMatch1.7.10p2

todd_millersudoMatch1.7.10p3

Node

todd_millersudoMatch1.8.0

todd_millersudoMatch1.8.1

todd_millersudoMatch1.8.1p1

todd_millersudoMatch1.8.1p2

todd_millersudoMatch1.8.2

todd_millersudoMatch1.8.3

todd_millersudoMatch1.8.3p1

todd_millersudoMatch1.8.3p2

todd_millersudoMatch1.8.4

todd_millersudoMatch1.8.4p1

todd_millersudoMatch1.8.4p2

todd_millersudoMatch1.8.4p3

todd_millersudoMatch1.8.4p4

todd_millersudoMatch1.8.4p5

todd_millersudoMatch1.8.5

todd_millersudoMatch1.8.6

todd_millersudoMatch1.8.6p1

todd_millersudoMatch1.8.6p2

todd_millersudoMatch1.8.6p3

todd_millersudoMatch1.8.6p4

todd_millersudoMatch1.8.6p5

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

rhn.redhat.com/errata/RHSA-2013-1701.html

www.debian.org/security/2013/dsa-2642

www.openwall.com/lists/oss-security/2013/02/27/31

www.securityfocus.com/bid/58207

www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

www.sudo.ws/repos/sudo/rev/2f3225a2a4a4

www.sudo.ws/repos/sudo/rev/bfa23f089bba

www.sudo.ws/sudo/alerts/tty_tickets.html

bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

bugzilla.redhat.com/show_bug.cgi?id=916365

exchange.xforce.ibmcloud.com/vulnerabilities/82453

support.apple.com/kb/HT205031

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.2%

JSON

Related for NVD:CVE-2013-2777

ubuntucve3 cvelist3 cve3 debiancve3 prion3 nessus27 openvas18 gentoo1 oraclelinux2 freebsd1 nvd2 veracode3 securityvulns3 debian1 osv1 slackware1 fedora2 amazon1 centos2 redhat3