oss-sec mailing list archives

Re: CVE request: potential bypass of sudo tty_tickets constraints

From: "Todd C. Miller" <Todd.Miller () courtesan com>
Date: Thu, 28 Feb 2013 05:24:51 -0500

Sudo versions affected:
    Sudo 1.3.5 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p7 when
    the "tty_tickets" option is enabled.  This option is enabled
    by default in sudo 1.7.4 and above.


The affected versions are actually: 

  Sudo 1.3.5 through 1.7.10p5 and sudo 1.8.0 through 1.8.6p6 inclusive.

 - todd

Current thread:

CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 27)
- Re: CVE request: potential bypass of sudo tty_tickets constraints Kurt Seifried (Feb 27)
- <Possible follow-ups>
- Re: CVE request: potential bypass of sudo tty_tickets constraints Todd C. Miller (Feb 28)