CVE-2013-1776
First published: Wed Feb 27 2013(Updated: )
From the upstream advisory: When a user successfully authenticates with sudo, a time stamp file is updated to allow that user to continue running sudo without requiring a password for a preset time period (five minutes by default). This time stamp file can either be common to all of a user's terminals, or it can be specific to the particular terminal the user authenticated themselves on. The terminal-specific time stamp file behavior can be controlled using the "tty_tickets" option in the sudoers file. This option has been enabled by default since sudo 1.7.4. Prior to sudo 1.7.4, the default was to use a single time stamp for all the user's sessions. A vulnerability exists because the user can control which terminal the standard input, output and error file descriptors (0-2) refer to. A malicious user could use this to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period (usually five minutes). The vulnerability does not permit a user to run commands other than those allowed by the sudoers policy. This affects versions 1.3.5 through up to the fixed 1.7.10p6 version, and sudo 1.8.0 through to the fixed 1.8.7p7. The fix for 1.7.x: <a href="http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa">http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa</a> The fix for 1.8.x: <a href="http://www.sudo.ws/repos/sudo/rev/049a12a5cc14">http://www.sudo.ws/repos/sudo/rev/049a12a5cc14</a> External References: <a href="http://www.sudo.ws/sudo/alerts/tty_tickets.html">http://www.sudo.ws/sudo/alerts/tty_tickets.html</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/sudo | <1.8.5 | 1.8.5 |
| redhat/sudo | <1.7.10 | 1.7.10 |
| Apple iOS and macOS | <=10.10.4 | |
| Todd Miller Sudo | =1.8.0 | |
| Todd Miller Sudo | =1.8.1 | |
| Todd Miller Sudo | =1.8.1p1 | |
| Todd Miller Sudo | =1.8.1p2 | |
| Todd Miller Sudo | =1.8.2 | |
| Todd Miller Sudo | =1.8.3 | |
| Todd Miller Sudo | =1.8.3p1 | |
| Todd Miller Sudo | =1.8.3p2 | |
| Todd Miller Sudo | =1.8.4 | |
| Todd Miller Sudo | =1.8.4p1 | |
| Todd Miller Sudo | =1.8.4p2 | |
| Todd Miller Sudo | =1.8.4p3 | |
| Todd Miller Sudo | =1.8.4p4 | |
| Todd Miller Sudo | =1.8.4p5 | |
| Todd Miller Sudo | =1.8.5 | |
| Todd Miller Sudo | =1.3.5 | |
| Todd Miller Sudo | =1.6 | |
| Todd Miller Sudo | =1.6.1 | |
| Todd Miller Sudo | =1.6.2 | |
| Todd Miller Sudo | =1.6.2p3 | |
| Todd Miller Sudo | =1.6.3 | |
| Todd Miller Sudo | =1.6.3_p7 | |
| Todd Miller Sudo | =1.6.4 | |
| Todd Miller Sudo | =1.6.4p2 | |
| Todd Miller Sudo | =1.6.5 | |
| Todd Miller Sudo | =1.6.6 | |
| Todd Miller Sudo | =1.6.7 | |
| Todd Miller Sudo | =1.6.7p5 | |
| Todd Miller Sudo | =1.6.8 | |
| Todd Miller Sudo | =1.6.8p12 | |
| Todd Miller Sudo | =1.6.9 | |
| Todd Miller Sudo | =1.6.9p20 | |
| Todd Miller Sudo | =1.6.9p21 | |
| Todd Miller Sudo | =1.6.9p22 | |
| Todd Miller Sudo | =1.6.9p23 | |
| Todd Miller Sudo | =1.7.0 | |
| Todd Miller Sudo | =1.7.1 | |
| Todd Miller Sudo | =1.7.2 | |
| Todd Miller Sudo | =1.7.2p1 | |
| Todd Miller Sudo | =1.7.2p2 | |
| Todd Miller Sudo | =1.7.2p3 | |
| Todd Miller Sudo | =1.7.2p4 | |
| Todd Miller Sudo | =1.7.2p5 | |
| Todd Miller Sudo | =1.7.2p6 | |
| Todd Miller Sudo | =1.7.2p7 | |
| Todd Miller Sudo | =1.7.3b1 | |
| Todd Miller Sudo | =1.7.4 | |
| Todd Miller Sudo | =1.7.4p1 | |
| Todd Miller Sudo | =1.7.4p2 | |
| Todd Miller Sudo | =1.7.4p3 | |
| Todd Miller Sudo | =1.7.4p4 | |
| Todd Miller Sudo | =1.7.4p5 | |
| Todd Miller Sudo | =1.7.4p6 | |
| Todd Miller Sudo | =1.7.5 | |
| Todd Miller Sudo | =1.7.6 | |
| Todd Miller Sudo | =1.7.6p1 | |
| Todd Miller Sudo | =1.7.6p2 | |
| Todd Miller Sudo | =1.7.7 | |
| Todd Miller Sudo | =1.7.8 | |
| Todd Miller Sudo | =1.7.8p1 | |
| Todd Miller Sudo | =1.7.8p2 | |
| Todd Miller Sudo | =1.7.9 | |
| Todd Miller Sudo | =1.7.9p1 | |
| Todd Miller Sudo | =1.7.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
- http://rhn.redhat.com/errata/RHSA-2013-1353.html
- http://www.debian.org/security/2013/dsa-2642
- http://www.openwall.com/lists/oss-security/2013/02/27/31
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/58207
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
- http://www.sudo.ws/repos/sudo/rev/632f8e028191
- http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0
- http://www.sudo.ws/sudo/alerts/tty_tickets.html
- https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023
- https://bugzilla.redhat.com/show_bug.cgi?id=916365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82453
- https://support.apple.com/kb/HT205031
- http://www.sudo.ws/repos/sudo/rev/0c0283d1fafa
- http://www.sudo.ws/repos/sudo/rev/049a12a5cc14
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=916367
- https://access.redhat.com/security/cve/CVE-2013-1776
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=949751
- https://access.redhat.com/security/cve/CVE-2013-2776
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=949753
- https://access.redhat.com/security/cve/CVE-2013-2777
- https://rhn.redhat.com/errata/RHBA-2013-0363.html
- https://rhn.redhat.com/errata/RHSA-2013-1353.html
Frequently Asked Questions
What is the severity of CVE-2013-1776?
The severity of CVE-2013-1776 is classified as medium due to potential unauthorized privilege escalation.
How do I fix CVE-2013-1776?
To fix CVE-2013-1776, upgrade to a fixed version of sudo or apply relevant patches as recommended by the software vendor.
Which versions of sudo are affected by CVE-2013-1776?
CVE-2013-1776 affects multiple versions of sudo, specifically versions 1.8.0 through 1.8.5, along with older versions.
Is CVE-2013-1776 a remote vulnerability?
CVE-2013-1776 is not a remote vulnerability; it requires local access to exploit.
Can CVE-2013-1776 impact Apple Mac OS X?
Yes, CVE-2013-1776 impacts Apple Mac OS X versions up to and including 10.10.4.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-1776
- agent/software-canonical-lookup
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- package-manager/redhat
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.10.4
- vendor/todd miller
- canonical/todd miller sudo
- version/todd miller sudo/1.8.0
- version/todd miller sudo/1.8.1
- version/todd miller sudo/1.8.1p1
- version/todd miller sudo/1.8.1p2
- version/todd miller sudo/1.8.2
- version/todd miller sudo/1.8.3
- version/todd miller sudo/1.8.3p1
- version/todd miller sudo/1.8.3p2
- version/todd miller sudo/1.8.4
- version/todd miller sudo/1.8.4p1
- version/todd miller sudo/1.8.4p2
- version/todd miller sudo/1.8.4p3
- version/todd miller sudo/1.8.4p4
- version/todd miller sudo/1.8.4p5
- version/todd miller sudo/1.8.5
- version/todd miller sudo/1.3.5
- version/todd miller sudo/1.6
- version/todd miller sudo/1.6.1
- version/todd miller sudo/1.6.2
- version/todd miller sudo/1.6.2p3
- version/todd miller sudo/1.6.3
- version/todd miller sudo/1.6.3_p7
- version/todd miller sudo/1.6.4
- version/todd miller sudo/1.6.4p2
- version/todd miller sudo/1.6.5
- version/todd miller sudo/1.6.6
- version/todd miller sudo/1.6.7
- version/todd miller sudo/1.6.7p5
- version/todd miller sudo/1.6.8
- version/todd miller sudo/1.6.8p12
- version/todd miller sudo/1.6.9
- version/todd miller sudo/1.6.9p20
- version/todd miller sudo/1.6.9p21
- version/todd miller sudo/1.6.9p22
- version/todd miller sudo/1.6.9p23
- version/todd miller sudo/1.7.0
- version/todd miller sudo/1.7.1
- version/todd miller sudo/1.7.2
- version/todd miller sudo/1.7.2p1
- version/todd miller sudo/1.7.2p2
- version/todd miller sudo/1.7.2p3
- version/todd miller sudo/1.7.2p4
- version/todd miller sudo/1.7.2p5
- version/todd miller sudo/1.7.2p6
- version/todd miller sudo/1.7.2p7
- version/todd miller sudo/1.7.3b1
- version/todd miller sudo/1.7.4
- version/todd miller sudo/1.7.4p1
- version/todd miller sudo/1.7.4p2
- version/todd miller sudo/1.7.4p3
- version/todd miller sudo/1.7.4p4
- version/todd miller sudo/1.7.4p5
- version/todd miller sudo/1.7.4p6
- version/todd miller sudo/1.7.5
- version/todd miller sudo/1.7.6
- version/todd miller sudo/1.7.6p1
- version/todd miller sudo/1.7.6p2
- version/todd miller sudo/1.7.7
- version/todd miller sudo/1.7.8
- version/todd miller sudo/1.7.8p1
- version/todd miller sudo/1.7.8p2
- version/todd miller sudo/1.7.9
- version/todd miller sudo/1.7.9p1
- version/todd miller sudo/1.7.10