CVSS2: 4.4 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

sudo is vulnerable to privilege escalation. The controlling terminal device is not properly validated when the tty_tickets option is enabled. This allows users with sudo permissions to obtain the authorization of another terminal via the standard input, output and error file descriptors of the other terminal.
bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
rhn.redhat.com/errata/RHSA-2013-1353.html
www.debian.org/security/2013/dsa-2642
www.openwall.com/lists/oss-security/2013/02/27/31
www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
www.securityfocus.com/bid/58207
www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
www.sudo.ws/repos/sudo/rev/632f8e028191
www.sudo.ws/repos/sudo/rev/6b22be4d09f0
www.sudo.ws/sudo/alerts/tty_tickets.html
access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.4_Technical_Notes/sudo.html
access.redhat.com/security/cve/CVE-2013-1776
bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
bugzilla.redhat.com/show_bug.cgi?id=759480
bugzilla.redhat.com/show_bug.cgi?id=789937
bugzilla.redhat.com/show_bug.cgi?id=804123
bugzilla.redhat.com/show_bug.cgi?id=852045
bugzilla.redhat.com/show_bug.cgi?id=860397
bugzilla.redhat.com/show_bug.cgi?id=872740
bugzilla.redhat.com/show_bug.cgi?id=876208
bugzilla.redhat.com/show_bug.cgi?id=876578
bugzilla.redhat.com/show_bug.cgi?id=879633
bugzilla.redhat.com/show_bug.cgi?id=903020
bugzilla.redhat.com/show_bug.cgi?id=916365
exchange.xforce.ibmcloud.com/vulnerabilities/82453
rhn.redhat.com/errata/RHBA-2013-0363.html
support.apple.com/kb/HT205031