CVE-2013-2776

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2013-2776
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2013-04-08 17:55:00 UTC
Updated2017-08-29 01:33:00 UTC
Descriptionsudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Apple Mac Os X All All All All
Application Todd Miller Sudo 1.7.10p1 All All All
Application Todd Miller Sudo 1.7.10p2 All All All
Application Todd Miller Sudo 1.7.10p3 All All All
Application Todd Miller Sudo 1.7.10p4 All All All
Application Todd Miller Sudo 1.7.10p5 All All All
Application Todd Miller Sudo 1.8.6 All All All
Application Todd Miller Sudo 1.8.6p1 All All All
Application Todd Miller Sudo 1.8.6p2 All All All
Application Todd Miller Sudo 1.8.6p3 All All All
Application Todd Miller Sudo 1.8.6p4 All All All
Application Todd Miller Sudo 1.8.6p5 All All All
Application Todd Miller Sudo 1.7.10p1 All All All
Application Todd Miller Sudo 1.7.10p2 All All All
Application Todd Miller Sudo 1.7.10p3 All All All
Application Todd Miller Sudo 1.7.10p4 All All All
Application Todd Miller Sudo 1.7.10p5 All All All
Application Todd Miller Sudo 1.8.6 All All All
Application Todd Miller Sudo 1.8.6p1 All All All
Application Todd Miller Sudo 1.8.6p2 All All All
Application Todd Miller Sudo 1.8.6p3 All All All
Application Todd Miller Sudo 1.8.6p4 All All All
Application Todd Miller Sudo 1.8.6p5 All All All
Application Todd Miller Sudo 1.3.5 All All All
Application Todd Miller Sudo 1.6 All All All
Application Todd Miller Sudo 1.6.1 All All All
Application Todd Miller Sudo 1.6.2 All All All
Application Todd Miller Sudo 1.6.2p3 All All All
Application Todd Miller Sudo 1.6.3 All All All
Application Todd Miller Sudo 1.6.3_p7 All All All
Application Todd Miller Sudo 1.6.4 All All All
Application Todd Miller Sudo 1.6.4p2 All All All
Application Todd Miller Sudo 1.6.5 All All All
Application Todd Miller Sudo 1.6.6 All All All
Application Todd Miller Sudo 1.6.7 All All All
Application Todd Miller Sudo 1.6.7p5 All All All
Application Todd Miller Sudo 1.6.8 All All All
Application Todd Miller Sudo 1.6.8p12 All All All
Application Todd Miller Sudo 1.6.9 All All All
Application Todd Miller Sudo 1.6.9p20 All All All
Application Todd Miller Sudo 1.6.9p21 All All All
Application Todd Miller Sudo 1.6.9p22 All All All
Application Todd Miller Sudo 1.6.9p23 All All All
Application Todd Miller Sudo 1.7.0 All All All
Application Todd Miller Sudo 1.7.1 All All All
Application Todd Miller Sudo 1.7.10 All All All
Application Todd Miller Sudo 1.7.2 All All All
Application Todd Miller Sudo 1.7.2p1 All All All
Application Todd Miller Sudo 1.7.2p2 All All All
Application Todd Miller Sudo 1.7.2p3 All All All
Application Todd Miller Sudo 1.7.2p4 All All All
Application Todd Miller Sudo 1.7.2p5 All All All
Application Todd Miller Sudo 1.7.2p6 All All All
Application Todd Miller Sudo 1.7.2p7 All All All
Application Todd Miller Sudo 1.7.3b1 All All All
Application Todd Miller Sudo 1.7.4 All All All
Application Todd Miller Sudo 1.7.4p1 All All All
Application Todd Miller Sudo 1.7.4p2 All All All
Application Todd Miller Sudo 1.7.4p3 All All All
Application Todd Miller Sudo 1.7.4p4 All All All
Application Todd Miller Sudo 1.7.4p5 All All All
Application Todd Miller Sudo 1.7.4p6 All All All
Application Todd Miller Sudo 1.7.5 All All All
Application Todd Miller Sudo 1.7.6 All All All
Application Todd Miller Sudo 1.7.6p1 All All All
Application Todd Miller Sudo 1.7.6p2 All All All
Application Todd Miller Sudo 1.7.7 All All All
Application Todd Miller Sudo 1.7.8 All All All
Application Todd Miller Sudo 1.7.8p1 All All All
Application Todd Miller Sudo 1.7.8p2 All All All
Application Todd Miller Sudo 1.7.9 All All All
Application Todd Miller Sudo 1.7.9p1 All All All
Application Todd Miller Sudo 1.8.0 All All All
Application Todd Miller Sudo 1.8.1 All All All
Application Todd Miller Sudo 1.8.1p1 All All All
Application Todd Miller Sudo 1.8.1p2 All All All
Application Todd Miller Sudo 1.8.2 All All All
Application Todd Miller Sudo 1.8.3 All All All
Application Todd Miller Sudo 1.8.3p1 All All All
Application Todd Miller Sudo 1.8.3p2 All All All
Application Todd Miller Sudo 1.8.4 All All All
Application Todd Miller Sudo 1.8.4p1 All All All
Application Todd Miller Sudo 1.8.4p2 All All All
Application Todd Miller Sudo 1.8.4p3 All All All
Application Todd Miller Sudo 1.8.4p4 All All All
Application Todd Miller Sudo 1.8.4p5 All All All
Application Todd Miller Sudo 1.8.5 All All All
Application Todd Miller Sudo 1.3.5 All All All
Application Todd Miller Sudo 1.6 All All All
Application Todd Miller Sudo 1.6.1 All All All
Application Todd Miller Sudo 1.6.2 All All All
Application Todd Miller Sudo 1.6.2p3 All All All
Application Todd Miller Sudo 1.6.3 All All All
Application Todd Miller Sudo 1.6.3_p7 All All All
Application Todd Miller Sudo 1.6.4 All All All
Application Todd Miller Sudo 1.6.4p2 All All All
Application Todd Miller Sudo 1.6.5 All All All
Application Todd Miller Sudo 1.6.6 All All All
Application Todd Miller Sudo 1.6.7 All All All
Application Todd Miller Sudo 1.6.7p5 All All All
Application Todd Miller Sudo 1.6.8 All All All
Application Todd Miller Sudo 1.6.8p12 All All All
Application Todd Miller Sudo 1.6.9 All All All
Application Todd Miller Sudo 1.6.9p20 All All All
Application Todd Miller Sudo 1.6.9p21 All All All
Application Todd Miller Sudo 1.6.9p22 All All All
Application Todd Miller Sudo 1.6.9p23 All All All
Application Todd Miller Sudo 1.7.0 All All All
Application Todd Miller Sudo 1.7.1 All All All
Application Todd Miller Sudo 1.7.10 All All All
Application Todd Miller Sudo 1.7.2 All All All
Application Todd Miller Sudo 1.7.2p1 All All All
Application Todd Miller Sudo 1.7.2p2 All All All
Application Todd Miller Sudo 1.7.2p3 All All All
Application Todd Miller Sudo 1.7.2p4 All All All
Application Todd Miller Sudo 1.7.2p5 All All All
Application Todd Miller Sudo 1.7.2p6 All All All
Application Todd Miller Sudo 1.7.2p7 All All All
Application Todd Miller Sudo 1.7.3b1 All All All
Application Todd Miller Sudo 1.7.4 All All All
Application Todd Miller Sudo 1.7.4p1 All All All
Application Todd Miller Sudo 1.7.4p2 All All All
Application Todd Miller Sudo 1.7.4p3 All All All
Application Todd Miller Sudo 1.7.4p4 All All All
Application Todd Miller Sudo 1.7.4p5 All All All
Application Todd Miller Sudo 1.7.4p6 All All All
Application Todd Miller Sudo 1.7.5 All All All
Application Todd Miller Sudo 1.7.6 All All All
Application Todd Miller Sudo 1.7.6p1 All All All
Application Todd Miller Sudo 1.7.6p2 All All All
Application Todd Miller Sudo 1.7.7 All All All
Application Todd Miller Sudo 1.7.8 All All All
Application Todd Miller Sudo 1.7.8p1 All All All
Application Todd Miller Sudo 1.7.8p2 All All All
Application Todd Miller Sudo 1.7.9 All All All
Application Todd Miller Sudo 1.7.9p1 All All All
Application Todd Miller Sudo 1.8.0 All All All
Application Todd Miller Sudo 1.8.1 All All All
Application Todd Miller Sudo 1.8.1p1 All All All
Application Todd Miller Sudo 1.8.1p2 All All All
Application Todd Miller Sudo 1.8.2 All All All
Application Todd Miller Sudo 1.8.3 All All All
Application Todd Miller Sudo 1.8.3p1 All All All
Application Todd Miller Sudo 1.8.3p2 All All All
Application Todd Miller Sudo 1.8.4 All All All
Application Todd Miller Sudo 1.8.4p1 All All All
Application Todd Miller Sudo 1.8.4p2 All All All
Application Todd Miller Sudo 1.8.4p3 All All All
Application Todd Miller Sudo 1.8.4p4 All All All
Application Todd Miller Sudo 1.8.4p5 All All All
Application Todd Miller Sudo 1.8.5 All All All

References

ReferenceSourceLinkTags
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
sudo: 049a12a5cc14 CONFIRM www.sudo.ws Vendor Advisory
Potential bypass of tty_tickets constraints CONFIRM www.sudo.ws
#701839 - sudo: CVE-2013-1776 potential bypass of sudo tty_tickets constraints - Debian Bug report logs MISC bugs.debian.org
sudo: 0c0283d1fafa CONFIRM www.sudo.ws Vendor Advisory
The Slackware Linux Project: Slackware Security Advisories SLACKWARE www.slackware.com
Red Hat Customer Portal REDHAT rhn.redhat.com
About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support CONFIRM support.apple.com Vendor Advisory
Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability BID www.securityfocus.com
916365 – (CVE-2013-1776) CVE-2013-1776 sudo: bypass of tty_tickets constraints MISC bugzilla.redhat.com
Red Hat Customer Portal REDHAT rhn.redhat.com
Oracle VM Server for x86 Bulletin - July 2016 CONFIRM www.oracle.com
Debian -- Security Information -- DSA-2642-1 sudo DEBIAN www.debian.org
Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability BID www.securityfocus.com
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 APPLE lists.apple.com
Bug #87023 “sudo option “tty_tickets” gives false sense of secur...” : Bugs : “sudo” package : Ubuntu MISC bugs.launchpad.net
oss-security - Re: CVE request: potential bypass of sudo tty_tickets constraints MLIST www.openwall.com
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 390227 Oracle Managed Virtualization (VM) Server for x86 Security Update for sudo (OVMSA-2021-0012)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report