PT-2013-1248 · Sudo+4 · Sudo+4

Marco Schoepl

Published

2013-03-04

Updated

2024-06-15

CVE-2013-1775

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions sudo versions 1.6.0 through 1.7.10p6 sudo versions 1.8.0 through 1.8.6p6

Description The issue allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Multiple vulnerabilities in the sudo package can lead to violations of confidentiality, integrity, and availability of protected information, and exploitation can be carried out locally.

Recommendations For sudo versions 1.6.0 through 1.7.10p6, update to a version later than 1.7.10p6. For sudo versions 1.8.0 through 1.8.6p6, update to a version later than 1.8.6p6. As a temporary workaround, consider restricting the ability to set the system clock to prevent attackers from manipulating the timestamp.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2017-1056

BDU:2015-09732

CESA-2013_1701

CVE-2013-1775

DSA-2642-1

OPENSUSE-SU-2024:10551-1

RHSA-2013:1353

RHSA-2013:1701

RHSA-2013_1353

RHSA-2013_1701

SUSE-SU-2013_0793-1

SUSE-SU-2013_1594-1

SUSE-SU-2013_1595-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Sudo

PT-2013-1248 · Sudo+4 · Sudo+4

CVE-2013-1775

Weakness Enumeration

Related Identifiers

Affected Products

References · 36