Wind River Support Network

HomeDefectsLIN5-13227
Fixed

LIN5-13227 : Security Advisory - sudo - CVE-2013-2777

Created: Apr 18, 2013    Updated: Dec 19, 2017
Resolved Date: Mar 3, 2014
Previous ID: LIN3-13134
Found In Version: 5.0
Fix Version: 5.0.1.13
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to a standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2777

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online