What is CVE-2013-2777?

CVE-2013-2777 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2013-04-08.

Is CVE-2013-2777 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another termin…

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Todd_miller Sudo — versions 1.3.5, 1.6, 1.6.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
58207 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2013:1701 (x_refsource_REDHAT, vendor-advisory)
DSA-2642 (vendor-advisory, x_refsource_DEBIAN)
[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints (mailing-list, x_refsource_MLIST)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
APPLE-SA-2015-08-13-2 (vendor-advisory, x_refsource_APPLE)
SSA:2013-065-01 (vendor-advisory, x_refsource_SLACKWARE)

Frequently asked questions

What is CVE-2013-2777?: CVE-2013-2777 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2013-04-08.
Is CVE-2013-2777 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.