CVE-2013-2777

Name of the Vulnerable Software and Affected Versions sudo versions prior to 1.8.6p7 sudo versions 1.8.x prior to 1.8.6p6 sudo versions prior to 1.7.10p5

Description The issue affects the sudo package in Gentoo Linux, potentially compromising confidentiality, integrity, and availability of protected information. Exploitation can occur locally. When the tty tickets option is enabled, the controlling terminal device is not properly validated, allowing local users with sudo permissions to hijack the authorization of another terminal. This can be achieved via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.

Recommendations For versions prior to 1.8.6p7, update to version 1.8.6p7 or later. For versions 1.8.x prior to 1.8.6p6, update to version 1.8.6p6 or later. For versions prior to 1.7.10p5, update to version 1.7.10p5 or later. As a temporary workaround, consider disabling the tty tickets option until a patch is available.