Wind River Support Network

HomeDefectsLIN5-14104
Fixed

LIN5-14104 : Security Advisory - sudo - CVE-2013-1776

Created: Apr 18, 2013    Updated: Dec 19, 2017
Resolved Date: Mar 3, 2014
Previous ID: LIN3-20171
Found In Version: 5.0
Fix Version: 5.0.1.13
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1776

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online