Wind River Support Network

HomeDefectsLIN5-14128
Fixed

LIN5-14128 : Security Advisory - sudo - CVE-2013-2776

Created: Apr 18, 2013    Updated: Dec 19, 2017
Resolved Date: Mar 3, 2014
Previous ID: LIN3-24685
Found In Version: 5.0
Fix Version: 5.0.1.13
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to a standard input, output, and error file descriptors of another terminal.  NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2776

Workaround

Unknown

Steps to Reproduce

Unknown

Other Downloads


Live chat
Online