Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sudo 安全绕过漏洞
Vulnerability Description
Sudo是软件开发者Todd C. Miller所研发的一套用于类Unix操作系统下并允许用户通过安全的方式使用特殊的权限执行命令的程序。 sudo 1.3.5至1.7.10p5版本以及1.8.0至1.8.6p6版本中存在漏洞,该漏洞源于程序没有正确验证控制终端设备,从而允许拥有sudo权限的本地用户劫持其他终端设备的授权。成功的利用该漏洞要求系统缺少/proc和sysctl函数,且开启了tty_tickets选项。
CVSS Information
N/A
Vulnerability Type
N/A