Lucene search

K

PRIOn knowledge basePRION:CVE-2013-2777

HistoryApr 08, 2013 - 5:55 p.m.

Input validation

2013-04-0817:55:00

PRIOn knowledge base

www.prio-n.com

10

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

CPENameOperatorVersion
mac_os_xle10.10.4
sudoeq1.7.2-p4
sudoeq1.6.6
sudoeq1.7.0
sudoeq1.6.3
sudoeq1.7.4-p2
sudoeq<= 1.7.10p4
sudoeq1.6.1
sudoeq1.6.9-p20
sudoeq1.7.1

Rows per page:

1-10 of 751

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

rhn.redhat.com/errata/RHSA-2013-1701.html

www.debian.org/security/2013/dsa-2642

www.openwall.com/lists/oss-security/2013/02/27/31

www.securityfocus.com/bid/58207

www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023

bugzilla.redhat.com/show_bug.cgi?id=916365

exchange.xforce.ibmcloud.com/vulnerabilities/82453

support.apple.com/kb/HT205031

www.sudo.ws/repos/sudo/rev/2f3225a2a4a4

www.sudo.ws/repos/sudo/rev/bfa23f089bba

www.sudo.ws/sudo/alerts/tty_tickets.html

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.1%

Related for PRION:CVE-2013-2777

cve3 nvd3 debiancve3 cvelist3 ubuntucve3 openvas18 oraclelinux2 nessus27 gentoo1 prion2 freebsd1 veracode3 securityvulns3 slackware1 fedora2 osv1 debian1 amazon1 redhat3 centos2