What is CVE-2013-2776?

CVE-2013-2776 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2013-04-08.

Is CVE-2013-2776 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users w…

EPSS: 0.001 (22.9th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Todd_miller Sudo — versions 1.3.5, 1.6, 1.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
58207 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
RHSA-2013:1701 (x_refsource_REDHAT, vendor-advisory)
DSA-2642 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)
APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE)

Frequently asked questions

What is CVE-2013-2776?: CVE-2013-2776 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2013-04-08.
Is CVE-2013-2776 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.