{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-02-27T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "58207", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/58207"}, {"tags": ["x_refsource_MISC"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "DSA-2642", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2013/dsa-2642"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"name": "openSUSE-SU-2013:0495", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "RHSA-2013:1353", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT205031"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1776", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "58207", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58207"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "DSA-2642", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"name": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0", "refsource": "CONFIRM", "url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"}, {"name": "http://www.sudo.ws/repos/sudo/rev/632f8e028191", "refsource": "CONFIRM", "url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"name": "openSUSE-SU-2013:0495", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"}, {"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html", "refsource": "CONFIRM", "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "refsource": "SLACKWARE", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "RHSA-2013:1353", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:13:33.004Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"name": "58207", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/58207"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"name": "DSA-2642", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2013/dsa-2642"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"}, {"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"name": "openSUSE-SU-2013:0495", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"name": "APPLE-SA-2015-08-13-2", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"name": "SSA:2013-065-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"name": "RHSA-2013:1353", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT205031"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"name": "sudo-ttytickets-sec-bypass(82453)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1776", "datePublished": "2013-04-08T17:00:00.000Z", "dateReserved": "2013-02-19T00:00:00.000Z", "dateUpdated": "2024-08-06T15:13:33.004Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*", "matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*", "matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*", "matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*", "matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*", "matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*", "matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*", "matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BC4F3BEB-BF2B-4E5F-A376-E23E6B532E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*", "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*", "matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*", "matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*", "matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*", "matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*", "matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*", "matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*", "matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*", "matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*", "matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*", "matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*", "matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*", "matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*", "matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*", "matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*", "matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*", "matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*", "matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*", "matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*", "matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*", "matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*", "matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*", "matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*", "matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*", "matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*", "matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*", "matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."}, {"lang": "es", "value": "sudo v1.3.5 hasta v1.7.10 y v1.8.0 hasta v1.8.5, cuando la opci\u00f3n tty_tickets est\u00e1 activada, no valida correctamente el dispositivo terminal de control, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorizaci\u00f3n de otra terminal a trav\u00e9s de vectores relacionados con una sesi\u00f3n sin un dispositivo terminal de control y la conexi\u00f3n a una entrada est\u00e1ndar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asign\u00f3 originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas."}], "id": "CVE-2013-1776", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-04-08T17:55:01.100", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/58207"}, {"source": "secalert@redhat.com", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"source": "secalert@redhat.com", "url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"}, {"source": "secalert@redhat.com", "url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2642"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT205031"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1353", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "sudo-0:1.7.2p1-28.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2013-09-30T00:00:00Z"}, {"advisory": "RHBA-2013:0363", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "sudo-0:1.8.6p3-7.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2013-02-20T00:00:00Z"}], "bugzilla": {"description": "sudo: bypass of tty_tickets constraints", "id": "916365", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "details": ["sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."], "name": "CVE-2013-1776", "public_date": "2013-02-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1776\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1776\nhttp://www.sudo.ws/sudo/alerts/tty_tickets.html"], "threat_severity": "Low"}

{}