FreeBSD : sudo -- Authentication bypass when clock is reset (764344fb-8214-11e2-9273-902b343deec9)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Todd Miller reports :

The flaw may allow someone with physical access to a machine that is
not password-protected to run sudo commands without knowing the logged
in user's password. On systems where sudo is the principal way of
running commands as root, such as on Ubuntu and Mac OS X, there is a
greater chance that the logged in user has run sudo before and thus
that an attack would succeed.

See also :

http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://www.nessus.org/u?a68d7d3f

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 64987

Bugtraq ID:

CVE ID: CVE-2013-1775
