Marco Schoepl

**Name of the Vulnerable Software and Affected Versions** sudo versions 1.6.0 through 1.7.10p6 sudo versions 1.8.0 through 1.8.6p6 **Description** The issue allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Multiple vulnerabilities in the sudo package can lead to violations of confidentiality, integrity, and availability of protected information, and exploitation can be carried out locally. **Recommendations** For sudo versions 1.6.0 through 1.7.10p6, update to a version later than 1.7.10p6. For sudo versions 1.8.0 through 1.8.6p6, update to a version later than 1.8.6p6. As a temporary workaround, consider restricting the ability to set the system clock to prevent attackers from manipulating the timestamp.