CVSS: 9.8EPSS: 0%CPEs: 75EXPL: 0CVE-2013-2777 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2777
08 Apr 2013 — sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, b... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 80EXPL: 7CVE-2013-1775 – Apple Mac OSX - Sudo Password Bypass
https://notcve.org/view.php?id=CVE-2013-1775
04 Mar 2013 — sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. sudo v1.6.0 a la v1.7.10p6 y sudo v1.8.0 a la v1.8.6p6, permite a usuarios locales o físicamente próximos evitar las restricciones de tiempo y mantener los privilegios sin necesidad de reautenticarse, simplemente estableciendo el reloj del sistema y... • https://packetstorm.news/files/id/123032 • CWE-264: Permissions, Privileges, and Access Controls •