FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- Potential bypass of tty_tickets constraints

Affected packages
sudo < 1.8.6.p7

Details

VuXML ID: 82cfd919-8213-11e2-9273-902b343deec9
Discovery: 2013-02-27
Entry: 2013-03-01

Todd Miller reports:

A (potentially malicious) program run by a user with sudo access may be able to bypass the "tty_ticket" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last time stamp timeout (5 minutes by default).

References

CVE Name: CVE-2013-1776
URL: http://www.sudo.ws/sudo/alerts/tty_tickets.html