CVE-2013-1776

Name of the Vulnerable Software and Affected Versions sudo versions 1.3.5 through 1.7.10 sudo versions 1.8.0 through 1.8.5 sudo versions prior to 1.8.6 p7

Description The issue affects the sudo package in Gentoo Linux, potentially compromising confidentiality, integrity, and availability of protected information. Exploitation can occur locally. Specifically, when the tty tickets option is enabled, the controlling terminal device is not properly validated, allowing local users with sudo permissions to hijack the authorization of another terminal by connecting to the standard input, output, and error file descriptors of that terminal.

Recommendations For versions 1.3.5 through 1.7.10, consider disabling the tty tickets option as a temporary workaround until a patch is available. For versions 1.8.0 through 1.8.5, restrict access to terminals with the tty tickets option enabled to minimize the risk of exploitation. For versions prior to 1.8.6 p7, update to version 1.8.6 p7 or later to resolve the issue.