#VU42929 Permissions, Privileges, and Access Controls in Sudo


Published: 2013-04-08 | Updated: 2020-08-11

Vulnerability identifier: #VU42929

Vulnerability risk: Medium

CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2013-2777

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Sudo
Client/Desktop applications / Software for system administration

Vendor: Sudo

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Sudo: 1.3.5 - 1.8.6p5

External links
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://rhn.redhat.com/errata/RHSA-2013-1701.html
http://www.debian.org/security/2013/dsa-2642
http://www.openwall.com/lists/oss-security/2013/02/27/31
http://www.securityfocus.com/bid/58207
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4
http://www.sudo.ws/repos/sudo/rev/bfa23f089bba
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
http://bugzilla.redhat.com/show_bug.cgi?id=916365
http://exchange.xforce.ibmcloud.com/vulnerabilities/82453
http://support.apple.com/kb/HT205031

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Permissions, Privileges, and Access Controls in Sudo