Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2013-1775 |
CWE-ID | CWE-264 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software Subscribe |
Sudo Client/Desktop applications / Software for system administration |
Vendor | Sudo |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU32716
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2013-1775
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local non-authenticated attacker to execute arbitrary code.
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
MitigationInstall update from vendor's website.
Vulnerable software versionsSudo: 1.7.10p6 - 1.8.6p6
CPE2.3 External linkshttp://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
http://osvdb.org/90677
http://rhn.redhat.com/errata/RHSA-2013-1353.html
http://rhn.redhat.com/errata/RHSA-2013-1701.html
http://support.apple.com/kb/HT5880
http://www.debian.org/security/2013/dsa-2642
http://www.openwall.com/lists/oss-security/2013/02/27/22
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/58203
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
http://www.sudo.ws/repos/sudo/rev/ddf399e3e306
http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://www.ubuntu.com/usn/USN-1754-1
http://support.apple.com/kb/HT205031
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?