Vulnerability   
Search   
    Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2013-1776
Description:sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Test IDs: 1.3.6.1.4.1.25623.1.1.4.2013.1595.1   1.3.6.1.4.1.25623.1.1.4.2013.1594.1   1.3.6.1.4.1.25623.1.1.4.2013.0793.1   1.3.6.1.4.1.25623.1.0.702642   1.3.6.1.4.1.25623.1.0.123560  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2013-1776
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
BugTraq ID: 58207
http://www.securityfocus.com/bid/58207
Debian Security Information: DSA-2642 (Google Search)
http://www.debian.org/security/2013/dsa-2642
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
https://bugzilla.redhat.com/show_bug.cgi?id=916365
http://www.openwall.com/lists/oss-security/2013/02/27/31
RedHat Security Advisories: RHSA-2013:1353
http://rhn.redhat.com/errata/RHSA-2013-1353.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
SuSE Security Announcement: openSUSE-SU-2013:0495 (Google Search)
http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
XForce ISS Database: sudo-ttytickets-sec-bypass(82453)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82453




© 1998-2025 E-Soft Inc. All rights reserved.