CVE-2013-2776
Summary
| CVE | CVE-2013-2776 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-08 17:55:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Mac OS X | All | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.6p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.3.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.2p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.3_p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.7p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.8p12 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p20 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p21 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p22 | All | All | All |
| Application | Todd Miller | Sudo | 1.6.9p23 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.0 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.10 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.2p7 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.3b1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.4p6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.5 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.6p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.7 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.8p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.9 | All | All | All |
| Application | Todd Miller | Sudo | 1.7.9p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.0 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.1p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.3p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p1 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p2 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p3 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p4 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.4p5 | All | All | All |
| Application | Todd Miller | Sudo | 1.8.5 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Bug #87023 “sudo option “tty_tickets” gives false sense of secur...” : Bugs : “sudo” package : Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | bugs.launchpad.net | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| Potential bypass of tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | |
| 916365 – (CVE-2013-1776) CVE-2013-1776 sudo: bypass of tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | |
| APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006 | af854a3a-2127-422b-91ae-364da2661108 | lists.apple.com | |
| Todd Miller Sudo CVE-2013-2776 Local Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Oracle VM Server for x86 Bulletin - July 2016 | af854a3a-2127-422b-91ae-364da2661108 | www.oracle.com | |
| About the security content of OS X Yosemite v10.10.5 and Security Update 2015-006 - Apple Support | af854a3a-2127-422b-91ae-364da2661108 | support.apple.com | Vendor Advisory |
| oss-security - Re: CVE request: potential bypass of sudo tty_tickets constraints | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| sudo: 0c0283d1fafa | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | Vendor Advisory |
| sudo: 049a12a5cc14 | af854a3a-2127-422b-91ae-364da2661108 | www.sudo.ws | Vendor Advisory |
| Debian -- Security Information -- DSA-2642-1 sudo | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | |
| #701839 - sudo: CVE-2013-1776 potential bypass of sudo tty_tickets constraints - Debian Bug report logs | af854a3a-2127-422b-91ae-364da2661108 | bugs.debian.org | |
| The Slackware Linux Project: Slackware Security Advisories | af854a3a-2127-422b-91ae-364da2661108 | www.slackware.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Todd Miller Sudo CVE-2013-1776 Local Security Bypass Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 390227 Oracle Managed Virtualization (VM) Server for x86 Security Update for sudo (OVMSA-2021-0012)