CVE-2013-1775

Severity

69%

Complexity

34%

Confidentiality

165%

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 11 years ago

2013-03-05 21:38:00

Last updated 8 years ago

2016-11-28 19:08:00

Affected Software

Todd Miller Sudo 1.6

1.6

Todd Miller Sudo 1.6.1

1.6.1

Todd Miller Sudo 1.6.2

1.6.2

Todd Miller Sudo 1.6.2p3

1.6.2p3

Todd Miller Sudo 1.6.3

1.6.3

Todd Miller Sudo 1.6.3 p7

1.6.3_p7

Todd Miller Sudo 1.6.4

1.6.4

Todd Miller Sudo 1.6.4p2

1.6.4p2

Todd Miller Sudo 1.6.5

1.6.5

Todd Miller Sudo 1.6.6

1.6.6

Todd Miller Sudo 1.6.7

1.6.7

Todd Miller Sudo 1.6.7p5

1.6.7p5

Todd Miller Sudo 1.6.8

1.6.8

Todd Miller Sudo 1.6.8p12

1.6.8p12

Todd Miller Sudo 1.6.9

1.6.9

Todd Miller Sudo 1.6.9p20

1.6.9p20

Todd Miller Sudo 1.6.9p21

1.6.9p21

Todd Miller Sudo 1.6.9p22

1.6.9p22

Todd Miller Sudo 1.6.9p23

1.6.9p23

Todd Miller Sudo 1.8.0

1.8.0

Todd Miller Sudo 1.8.1

1.8.1

Todd Miller Sudo 1.8.1p1

1.8.1p1

Todd Miller Sudo 1.8.1p2

1.8.1p2

Todd Miller Sudo 1.8.2

1.8.2

Todd Miller Sudo 1.8.3

1.8.3

Todd Miller Sudo 1.8.3p1

1.8.3p1

Todd Miller Sudo 1.8.3p2

1.8.3p2

Todd Miller Sudo 1.8.4

1.8.4

Todd Miller Sudo 1.8.4p1

1.8.4p1

Todd Miller Sudo 1.8.4p2

1.8.4p2

Todd Miller Sudo 1.8.4p3

1.8.4p3

Todd Miller Sudo 1.8.4p4

1.8.4p4

Todd Miller Sudo 1.8.4p5

1.8.4p5

Todd Miller Sudo 1.8.5

1.8.5

Todd Miller Sudo 1.8.5p1

1.8.5p1

Todd Miller Sudo 1.8.5p2

1.8.5p2

Todd Miller Sudo 1.8.5p3

1.8.5p3

Todd Miller Sudo 1.8.6

1.8.6

Todd Miller Sudo 1.8.6p1

1.8.6p1

Todd Miller Sudo 1.8.6p2

1.8.6p2

Todd Miller Sudo 1.8.6p3

1.8.6p3

Todd Miller Sudo 1.8.6p4

1.8.6p4

Todd Miller Sudo 1.8.6p5

1.8.6p5

Todd Miller Sudo 1.8.6p6

1.8.6p6

Apple Mac OS X

Todd Miller Sudo 1.7.0

1.7.0

Todd Miller Sudo 1.7.1

1.7.1

Todd Miller Sudo 1.7.2

1.7.2

Todd Miller Sudo 1.7.2p1

1.7.2p1

Todd Miller Sudo 1.7.2p2

1.7.2p2

Todd Miller Sudo 1.7.2p3

1.7.2p3

Todd Miller Sudo 1.7.2p4

1.7.2p4

Todd Miller Sudo 1.7.2p5

1.7.2p5

Todd Miller Sudo 1.7.2p6

1.7.2p6

Todd Miller Sudo 1.7.2p7

1.7.2p7

Todd Miller Sudo 1.7.3b1

1.7.3b1

Todd Miller Sudo 1.7.4

1.7.4

Todd Miller Sudo 1.7.4p1

1.7.4p1

Todd Miller Sudo 1.7.4p2

1.7.4p2

Todd Miller Sudo 1.7.4p3

1.7.4p3

Todd Miller Sudo 1.7.4p4

1.7.4p4

Todd Miller Sudo 1.7.4p5

1.7.4p5

Todd Miller Sudo 1.7.4p6

1.7.4p6

Todd Miller Sudo 1.7.5

1.7.5

Todd Miller Sudo 1.7.6

1.7.6

Todd Miller Sudo 1.7.6p1

1.7.6p1

Todd Miller Sudo 1.7.6p2

1.7.6p2

Todd Miller Sudo 1.7.7

1.7.7

Todd Miller Sudo 1.7.8

1.7.8

Todd Miller Sudo 1.7.8p1

1.7.8p1

Todd Miller Sudo 1.7.8p2

1.7.8p2

Todd Miller Sudo 1.7.9

1.7.9

Todd Miller Sudo 1.7.9p1

1.7.9p1

Todd Miller Sudo 1.7.10

1.7.10

Todd Miller Sudo 1.7.10p1

1.7.10p1

Todd Miller Sudo 1.7.10p2

1.7.10p2

Todd Miller Sudo 1.7.10p3

1.7.10p3

Todd Miller Sudo 1.7.10p4

1.7.10p4

Todd Miller Sudo 1.7.10p5

1.7.10p5

Todd Miller Sudo 1.7.10p6

1.7.10p6

References

APPLE-SA-2013-09-12-1

APPLE-SA-2015-08-13-2

openSUSE-SU-2013:0495

90677

RHSA-2013:1353

RHSA-2013:1701

http://support.apple.com/kb/HT5880

DSA-2642

[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

58203

SSA:2013-065-01

http://www.sudo.ws/repos/sudo/rev/ddf399e3e306

Exploit, Patch

http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f

Exploit, Patch

http://www.sudo.ws/sudo/alerts/epoch_ticket.html

Vendor Advisory

USN-1754-1

https://support.apple.com/kb/HT205031

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.