Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sudo 安全绕过漏洞
Vulnerability Description
Sudo是软件开发者Todd C. Miller所研发的一套用于类Unix操作系统下并允许用户通过安全的方式使用特殊的权限执行命令的程序。 sudo 1.7.10p5之前的版本和1.8.6p6之前的1.8.x 版本中存在漏洞,当启用tty_tickets选项时,程序没有正确验证控制终端设备。允许拥有sudo权限的本地用户劫持其他终端授权。利用没有控制终端设备会话和连接其他终端的标准输入,输出和错误文件描述符等条件可触发此漏洞。
CVSS Information
N/A
Vulnerability Type
N/A