What is the severity of CVE-2013-2777?

The severity of CVE-2013-2777 is considered high due to the potential for local users to hijack sudo permissions.

How do I fix CVE-2013-2777?

To fix CVE-2013-2777, update sudo to version 1.7.10p5 or later for 1.7.x and version 1.8.6p6 or later for 1.8.x.

What systems are affected by CVE-2013-2777?

CVE-2013-2777 affects versions of sudo prior to 1.7.10p5 and 1.8.6p6, including various versions on macOS and those distributed by Todd Miller.

What is the impact of CVE-2013-2777?

The impact of CVE-2013-2777 allows an unprivileged user with sudo access to escalate privileges and potentially gain unauthorized access to system resources.

Is CVE-2013-2777 a remote vulnerability?

No, CVE-2013-2777 is a local vulnerability, meaning it can only be exploited by users with local access to the affected system.

Vulnerability/
CVE-2013-2777

medium

4.4

CWE

264

8/4/2013

6/8/2024

CVE-2013-2777

First published: Mon Apr 08 2013(Updated: )

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Apple iOS and macOS	<=10.10.4
Sudo	<=1.7.10p4
Sudo	=1.3.5
Sudo	=1.6
Sudo	=1.6.1
Sudo	=1.6.2
Sudo	=1.6.2p3
Sudo	=1.6.3
Sudo	=1.6.3_p7
Sudo	=1.6.4
Sudo	=1.6.4p2
Sudo	=1.6.5
Sudo	=1.6.6
Sudo	=1.6.7
Sudo	=1.6.7p5
Sudo	=1.6.8
Sudo	=1.6.8p12
Sudo	=1.6.9
Sudo	=1.6.9p20
Sudo	=1.6.9p21
Sudo	=1.6.9p22
Sudo	=1.6.9p23
Sudo	=1.7.0
Sudo	=1.7.1
Sudo	=1.7.2
Sudo	=1.7.2p1
Sudo	=1.7.2p2
Sudo	=1.7.2p3
Sudo	=1.7.2p4
Sudo	=1.7.2p5
Sudo	=1.7.2p6
Sudo	=1.7.2p7
Sudo	=1.7.3b1
Sudo	=1.7.4
Sudo	=1.7.4p1
Sudo	=1.7.4p2
Sudo	=1.7.4p3
Sudo	=1.7.4p4
Sudo	=1.7.4p5
Sudo	=1.7.4p6
Sudo	=1.7.5
Sudo	=1.7.6
Sudo	=1.7.6p1
Sudo	=1.7.6p2
Sudo	=1.7.7
Sudo	=1.7.8
Sudo	=1.7.8p1
Sudo	=1.7.8p2
Sudo	=1.7.9
Sudo	=1.7.9p1
Sudo	=1.7.10
Sudo	=1.7.10p1
Sudo	=1.7.10p2
Sudo	=1.7.10p3
Sudo	=1.8.0
Sudo	=1.8.1
Sudo	=1.8.1p1
Sudo	=1.8.1p2
Sudo	=1.8.2
Sudo	=1.8.3
Sudo	=1.8.3p1
Sudo	=1.8.3p2
Sudo	=1.8.4
Sudo	=1.8.4p1
Sudo	=1.8.4p2
Sudo	=1.8.4p3
Sudo	=1.8.4p4
Sudo	=1.8.4p5
Sudo	=1.8.5
Sudo	=1.8.6
Sudo	=1.8.6p1
Sudo	=1.8.6p2
Sudo	=1.8.6p3
Sudo	=1.8.6p4
Sudo	=1.8.6p5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-2777?
The severity of CVE-2013-2777 is considered high due to the potential for local users to hijack sudo permissions.
How do I fix CVE-2013-2777?
To fix CVE-2013-2777, update sudo to version 1.7.10p5 or later for 1.7.x and version 1.8.6p6 or later for 1.8.x.
What systems are affected by CVE-2013-2777?
CVE-2013-2777 affects versions of sudo prior to 1.7.10p5 and 1.8.6p6, including various versions on macOS and those distributed by Todd Miller.
What is the impact of CVE-2013-2777?
The impact of CVE-2013-2777 allows an unprivileged user with sudo access to escalate privileges and potentially gain unauthorized access to system resources.
Is CVE-2013-2777 a remote vulnerability?
No, CVE-2013-2777 is a local vulnerability, meaning it can only be exploited by users with local access to the affected system.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/author
agent/last-modified-date
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/apple ios and macos
version/apple ios and macos/10.10.4
vendor/todd miller
canonical/sudo
version/sudo/1.7.10p4
version/sudo/1.3.5
version/sudo/1.6
version/sudo/1.6.1
version/sudo/1.6.2
version/sudo/1.6.2p3
version/sudo/1.6.3
version/sudo/1.6.3_p7
version/sudo/1.6.4
version/sudo/1.6.4p2
version/sudo/1.6.5
version/sudo/1.6.6
version/sudo/1.6.7
version/sudo/1.6.7p5
version/sudo/1.6.8
version/sudo/1.6.8p12
version/sudo/1.6.9
version/sudo/1.6.9p20
version/sudo/1.6.9p21
version/sudo/1.6.9p22
version/sudo/1.6.9p23
version/sudo/1.7.0
version/sudo/1.7.1
version/sudo/1.7.2
version/sudo/1.7.2p1
version/sudo/1.7.2p2
version/sudo/1.7.2p3
version/sudo/1.7.2p4
version/sudo/1.7.2p5
version/sudo/1.7.2p6
version/sudo/1.7.2p7
version/sudo/1.7.3b1
version/sudo/1.7.4
version/sudo/1.7.4p1
version/sudo/1.7.4p2
version/sudo/1.7.4p3
version/sudo/1.7.4p4
version/sudo/1.7.4p5
version/sudo/1.7.4p6
version/sudo/1.7.5
version/sudo/1.7.6
version/sudo/1.7.6p1
version/sudo/1.7.6p2
version/sudo/1.7.7
version/sudo/1.7.8
version/sudo/1.7.8p1
version/sudo/1.7.8p2
version/sudo/1.7.9
version/sudo/1.7.9p1
version/sudo/1.7.10
version/sudo/1.7.10p1
version/sudo/1.7.10p2
version/sudo/1.7.10p3
version/sudo/1.8.0
version/sudo/1.8.1
version/sudo/1.8.1p1
version/sudo/1.8.1p2
version/sudo/1.8.2
version/sudo/1.8.3
version/sudo/1.8.3p1
version/sudo/1.8.3p2
version/sudo/1.8.4
version/sudo/1.8.4p1
version/sudo/1.8.4p2
version/sudo/1.8.4p3
version/sudo/1.8.4p4
version/sudo/1.8.4p5
version/sudo/1.8.5
version/sudo/1.8.6
version/sudo/1.8.6p1
version/sudo/1.8.6p2
version/sudo/1.8.6p3
version/sudo/1.8.6p4
version/sudo/1.8.6p5