CVE-2013-1776
Summary
| CVE | CVE-2013-1776 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-08 17:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:L/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac Os X | All | All | All | All |
| Application | Todd Miller | Sudo | 1.3.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8p12 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p20 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p21 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p22 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p23 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.0 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.3b1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.9p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.0 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.5 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug #87023 “sudo option “tty_tickets” gives false sense of secur...” : Bugs : “sudo” package : Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | bugs.launchpad.net | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Potential bypass of tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | Vendor Advisory |
| 916365 – (CVE-2013-1776) CVE-2013-1776 sudo: bypass of tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Oracle VM Server for x86 Bulletin - July 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Vendor Advisory |
| oss-security - Re: CVE request: potential bypass of sudo tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| sudo: 6b22be4d09f0 | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | |
| Debian -- Security Information -- DSA-2642-1 sudo | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| openSUSE-SU-2013:0495-1: sudo: fixed two security issues | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| #701839 - sudo: CVE-2013-1776 potential bypass of sudo tty_tickets constraints - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | www.slackware.com | |
| sudo: 632f8e028191 | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.