CVE-2013-1775

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

References

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html

http://osvdb.org/90677

http://rhn.redhat.com/errata/RHSA-2013-1353.html

http://rhn.redhat.com/errata/RHSA-2013-1701.html

http://support.apple.com/kb/HT5880

http://www.debian.org/security/2013/dsa-2642

http://www.openwall.com/lists/oss-security/2013/02/27/22

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/58203

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

http://www.sudo.ws/repos/sudo/rev/ddf399e3e306

http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f

http://www.sudo.ws/sudo/alerts/epoch_ticket.html

http://www.ubuntu.com/usn/USN-1754-1

https://support.apple.com/kb/HT205031

Details

Source: MITRE

Published: 2013-03-05

Updated: 2016-11-28

Type: CWE-264

Risk Information

CVSS v2

Base Score: 6.9

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.4

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.5p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.5p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.5p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.8.6p6:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.10.4 (inclusive)

Configuration 4

OR

cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*

cpe:2.3:a:todd_miller:sudo:1.7.10p6:*:*:*:*:*:*:*

Tenable Plugins

View all (27 total)

IDNameProductFamilySeverity
91755OracleVM 3.2 : sudo (OVMSA-2016-0079)NessusOracleVM Local Security Checks
medium
8981Mac OS X < 10.10.5 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
high
85408Mac OS X 10.10.x < 10.10.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
80779Oracle Solaris Third-Party Patch Update : sudo (multiple_permissions_privileges_and_access)NessusSolaris Local Security Checks
medium
79173CentOS 6 : sudo (CESA-2013:1701)NessusCentOS Local Security Checks
medium
79154CentOS 5 : sudo (CESA-2013:1353)NessusCentOS Local Security Checks
medium
74928openSUSE Security Update : sudo (openSUSE-SU-2013:0495-1)NessusSuSE Local Security Checks
medium
72078GLSA-201401-23 : sudo: Privilege escalationNessusGentoo Local Security Checks
medium
71399Amazon Linux AMI : sudo (ALAS-2013-259)NessusAmazon Linux Local Security Checks
medium
71300Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20131121)NessusScientific Linux Local Security Checks
medium
71112Oracle Linux 6 : sudo (ELSA-2013-1701)NessusOracle Linux Local Security Checks
medium
71017RHEL 6 : sudo (RHSA-2013:1701)NessusRed Hat Local Security Checks
medium
70392Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20130930)NessusScientific Linux Local Security Checks
medium
70288Oracle Linux 5 : sudo (ELSA-2013-1353)NessusOracle Linux Local Security Checks
medium
70249RHEL 5 : sudo (RHSA-2013:1353)NessusRed Hat Local Security Checks
medium
8008Mac OS X 10.8 < 10.8.5 Multiple Vulnerabilities (Security Update 2013-004)Nessus Network MonitorWeb Clients
critical
69878Mac OS X Multiple Vulnerabilities (Security Update 2013-004)NessusMacOS X Local Security Checks
critical
69877Mac OS X 10.8.x < 10.8.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
66466SuSE 10 Security Update : sudo (ZYPP Patch Number 8562)NessusSuSE Local Security Checks
medium
66464SuSE 11.2 Security Update : sudo (SAT Patch Number 7705)NessusSuSE Local Security Checks
medium
66068Mandriva Linux Security Advisory : sudo (MDVSA-2013:054)NessusMandriva Local Security Checks
high
65619Fedora 17 : sudo-1.8.6p7-1.fc17 (2013-3270)NessusFedora Local Security Checks
medium
65590Fedora 18 : sudo-1.8.6p7-1.fc18 (2013-3297)NessusFedora Local Security Checks
medium
65179Debian DSA-2642-1 : sudo - several issuesNessusDebian Local Security Checks
medium
65060Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : sudo (SSA:2013-065-01)NessusSlackware Local Security Checks
medium
64987FreeBSD : sudo -- Authentication bypass when clock is reset (764344fb-8214-11e2-9273-902b343deec9)NessusFreeBSD Local Security Checks
medium
64969Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : sudo vulnerability (USN-1754-1)NessusUbuntu Local Security Checks
medium