What is the severity of CVE-2013-2776?

CVE-2013-2776 has a high severity rating due to its potential to allow local users to hijack sudo privileges from other users.

How do I fix CVE-2013-2776?

To fix CVE-2013-2776, upgrade to sudo version 1.7.10p6 or later, or 1.8.7 or later, where the vulnerability is patched.

Who is affected by CVE-2013-2776?

CVE-2013-2776 affects local users on systems running vulnerable versions of sudo without /proc or sysctl functionalities.

What are the vulnerable versions for CVE-2013-2776?

The vulnerable versions for CVE-2013-2776 range from 1.3.5 to 1.8.6p6 of sudo.

Is CVE-2013-2776 fixed in all distributions?

CVE-2013-2776 is not fixed in all distributions, and users should verify their specific sudo versions against the vulnerability.

Vulnerability/
CVE-2013-2776

medium

4.4

CWE

264

8/4/2013

6/8/2024

CVE-2013-2776

First published: Mon Apr 08 2013(Updated: )

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Sudo	=1.3.5
Sudo	=1.6
Sudo	=1.6.1
Sudo	=1.6.2
Sudo	=1.6.2p3
Sudo	=1.6.3
Sudo	=1.6.3_p7
Sudo	=1.6.4
Sudo	=1.6.4p2
Sudo	=1.6.5
Sudo	=1.6.6
Sudo	=1.6.7
Sudo	=1.6.7p5
Sudo	=1.6.8
Sudo	=1.6.8p12
Sudo	=1.6.9
Sudo	=1.6.9p20
Sudo	=1.6.9p21
Sudo	=1.6.9p22
Sudo	=1.6.9p23
Sudo	=1.7.0
Sudo	=1.7.1
Sudo	=1.7.2
Sudo	=1.7.2p1
Sudo	=1.7.2p2
Sudo	=1.7.2p3
Sudo	=1.7.2p4
Sudo	=1.7.2p5
Sudo	=1.7.2p6
Sudo	=1.7.2p7
Sudo	=1.7.3b1
Sudo	=1.7.4
Sudo	=1.7.4p1
Sudo	=1.7.4p2
Sudo	=1.7.4p3
Sudo	=1.7.4p4
Sudo	=1.7.4p5
Sudo	=1.7.4p6
Sudo	=1.7.5
Sudo	=1.7.6
Sudo	=1.7.6p1
Sudo	=1.7.6p2
Sudo	=1.7.7
Sudo	=1.7.8
Sudo	=1.7.8p1
Sudo	=1.7.8p2
Sudo	=1.7.9
Sudo	=1.7.9p1
Sudo	=1.7.10
Sudo	=1.7.10p1
Sudo	=1.7.10p2
Sudo	=1.7.10p3
Apple iOS and macOS	<=10.10.4
Sudo	=1.7.10p4
Sudo	=1.7.10p5
Sudo	=1.8.0
Sudo	=1.8.1
Sudo	=1.8.1p1
Sudo	=1.8.1p2
Sudo	=1.8.2
Sudo	=1.8.3
Sudo	=1.8.3p1
Sudo	=1.8.3p2
Sudo	=1.8.4
Sudo	=1.8.4p1
Sudo	=1.8.4p2
Sudo	=1.8.4p3
Sudo	=1.8.4p4
Sudo	=1.8.4p5
Sudo	=1.8.5
Sudo	=1.8.6
Sudo	=1.8.6p1
Sudo	=1.8.6p2
Sudo	=1.8.6p3
Sudo	=1.8.6p4
Sudo	=1.8.6p5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2776?
CVE-2013-2776 has a high severity rating due to its potential to allow local users to hijack sudo privileges from other users.
How do I fix CVE-2013-2776?
To fix CVE-2013-2776, upgrade to sudo version 1.7.10p6 or later, or 1.8.7 or later, where the vulnerability is patched.
Who is affected by CVE-2013-2776?
CVE-2013-2776 affects local users on systems running vulnerable versions of sudo without /proc or sysctl functionalities.
What are the vulnerable versions for CVE-2013-2776?
The vulnerable versions for CVE-2013-2776 range from 1.3.5 to 1.8.6p6 of sudo.
Is CVE-2013-2776 fixed in all distributions?
CVE-2013-2776 is not fixed in all distributions, and users should verify their specific sudo versions against the vulnerability.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/todd miller
canonical/sudo
version/sudo/1.3.5
version/sudo/1.6
version/sudo/1.6.1
version/sudo/1.6.2
version/sudo/1.6.2p3
version/sudo/1.6.3
version/sudo/1.6.3_p7
version/sudo/1.6.4
version/sudo/1.6.4p2
version/sudo/1.6.5
version/sudo/1.6.6
version/sudo/1.6.7
version/sudo/1.6.7p5
version/sudo/1.6.8
version/sudo/1.6.8p12
version/sudo/1.6.9
version/sudo/1.6.9p20
version/sudo/1.6.9p21
version/sudo/1.6.9p22
version/sudo/1.6.9p23
version/sudo/1.7.0
version/sudo/1.7.1
version/sudo/1.7.2
version/sudo/1.7.2p1
version/sudo/1.7.2p2
version/sudo/1.7.2p3
version/sudo/1.7.2p4
version/sudo/1.7.2p5
version/sudo/1.7.2p6
version/sudo/1.7.2p7
version/sudo/1.7.3b1
version/sudo/1.7.4
version/sudo/1.7.4p1
version/sudo/1.7.4p2
version/sudo/1.7.4p3
version/sudo/1.7.4p4
version/sudo/1.7.4p5
version/sudo/1.7.4p6
version/sudo/1.7.5
version/sudo/1.7.6
version/sudo/1.7.6p1
version/sudo/1.7.6p2
version/sudo/1.7.7
version/sudo/1.7.8
version/sudo/1.7.8p1
version/sudo/1.7.8p2
version/sudo/1.7.9
version/sudo/1.7.9p1
version/sudo/1.7.10
version/sudo/1.7.10p1
version/sudo/1.7.10p2
version/sudo/1.7.10p3
vendor/apple
canonical/apple ios and macos
version/apple ios and macos/10.10.4
version/sudo/1.7.10p4
version/sudo/1.7.10p5
version/sudo/1.8.0
version/sudo/1.8.1
version/sudo/1.8.1p1
version/sudo/1.8.1p2
version/sudo/1.8.2
version/sudo/1.8.3
version/sudo/1.8.3p1
version/sudo/1.8.3p2
version/sudo/1.8.4
version/sudo/1.8.4p1
version/sudo/1.8.4p2
version/sudo/1.8.4p3
version/sudo/1.8.4p4
version/sudo/1.8.4p5
version/sudo/1.8.5
version/sudo/1.8.6
version/sudo/1.8.6p1
version/sudo/1.8.6p2
version/sudo/1.8.6p3
version/sudo/1.8.6p4
version/sudo/1.8.6p5