Unrated severityNVD Advisory· Published Apr 8, 2013· Updated Apr 29, 2026
CVE-2013-2776
CVE-2013-2776
Description
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Affected products
65cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*+ 63 more
- cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*
- cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- www.sudo.ws/repos/sudo/rev/049a12a5cc14nvdVendor Advisory
- www.sudo.ws/repos/sudo/rev/0c0283d1fafanvdVendor Advisory
- support.apple.com/kb/HT205031nvdVendor Advisory
- bugs.debian.org/cgi-bin/bugreport.cginvd
- lists.apple.com/archives/security-announce/2015/Aug/msg00001.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1353.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1701.htmlnvd
- www.debian.org/security/2013/dsa-2642nvd
- www.openwall.com/lists/oss-security/2013/02/27/31nvd
- www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlnvd
- www.securityfocus.com/bid/58207nvd
- www.securityfocus.com/bid/62741nvd
- www.slackware.com/security/viewer.phpnvd
- www.sudo.ws/sudo/alerts/tty_tickets.htmlnvd
- bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/82453nvd
News mentions
0No linked articles in our index yet.