CVE-2013-1775

NONE EPSS 86.6%
Published Mar 5, 201313y ago · Modified Jun 16, 20262w ago
Find Similar
Published Mar 5, 2013 13y ago
Last Modified Jun 16, 2026 2w ago

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Threat Intelligence

EPSS Exploit Probability
86.6% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-264

Affected Products 80

VendorProductVersionRange
todd_millersudo1.6any
todd_millersudo1.6.1any
todd_millersudo1.6.2any
todd_millersudo1.6.2p3any
todd_millersudo1.6.3any
todd_millersudo1.6.3_p7any
todd_millersudo1.6.4any
todd_millersudo1.6.4p2any
todd_millersudo1.6.5any
todd_millersudo1.6.6any
todd_millersudo1.6.7any
todd_millersudo1.6.7p5any
todd_millersudo1.6.8any
todd_millersudo1.6.8p12any
todd_millersudo1.6.9any
todd_millersudo1.6.9p20any
todd_millersudo1.6.9p21any
todd_millersudo1.6.9p22any
todd_millersudo1.6.9p23any
todd_millersudo1.8.0any
todd_millersudo1.8.1any
todd_millersudo1.8.1p1any
todd_millersudo1.8.1p2any
todd_millersudo1.8.2any
todd_millersudo1.8.3any
todd_millersudo1.8.3p1any
todd_millersudo1.8.3p2any
todd_millersudo1.8.4any
todd_millersudo1.8.4p1any
todd_millersudo1.8.4p2any
todd_millersudo1.8.4p3any
todd_millersudo1.8.4p4any
todd_millersudo1.8.4p5any
todd_millersudo1.8.5any
todd_millersudo1.8.5p1any
todd_millersudo1.8.5p2any
todd_millersudo1.8.5p3any
todd_millersudo1.8.6any
todd_millersudo1.8.6p1any
todd_millersudo1.8.6p2any
todd_millersudo1.8.6p3any
todd_millersudo1.8.6p4any
todd_millersudo1.8.6p5any
todd_millersudo1.8.6p6any
applemac_os_x* ≤10.10.4
todd_millersudo1.7.0any
todd_millersudo1.7.1any
todd_millersudo1.7.2any
todd_millersudo1.7.2p1any
todd_millersudo1.7.2p2any
todd_millersudo1.7.2p3any
todd_millersudo1.7.2p4any
todd_millersudo1.7.2p5any
todd_millersudo1.7.2p6any
todd_millersudo1.7.2p7any
todd_millersudo1.7.3b1any
todd_millersudo1.7.4any
todd_millersudo1.7.4p1any
todd_millersudo1.7.4p2any
todd_millersudo1.7.4p3any
todd_millersudo1.7.4p4any
todd_millersudo1.7.4p5any
todd_millersudo1.7.4p6any
todd_millersudo1.7.5any
todd_millersudo1.7.6any
todd_millersudo1.7.6p1any
todd_millersudo1.7.6p2any
todd_millersudo1.7.7any
todd_millersudo1.7.8any
todd_millersudo1.7.8p1any
todd_millersudo1.7.8p2any
todd_millersudo1.7.9any
todd_millersudo1.7.9p1any
todd_millersudo1.7.10any
todd_millersudo1.7.10p1any
todd_millersudo1.7.10p2any
todd_millersudo1.7.10p3any
todd_millersudo1.7.10p4any
todd_millersudo1.7.10p5any
todd_millersudo1.7.10p6any

References 17

  • lists.apple.com http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
  • osvdb.org http://osvdb.org/90677
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1353.html
  • rhn.redhat.com http://rhn.redhat.com/errata/RHSA-2013-1701.html
  • support.apple.com http://support.apple.com/kb/HT5880
  • debian.org http://www.debian.org/security/2013/dsa-2642
  • openwall.com http://www.openwall.com/lists/oss-security/2013/02/27/22
  • oracle.com http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • securityfocus.com http://www.securityfocus.com/bid/58203
  • slackware.com http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440
  • sudo.ws http://www.sudo.ws/repos/sudo/rev/ddf399e3e306
    ExploitPatch
  • sudo.ws http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f
    ExploitPatch
  • sudo.ws http://www.sudo.ws/sudo/alerts/epoch_ticket.html
    Vendor Advisory
  • ubuntu.com http://www.ubuntu.com/usn/USN-1754-1
  • support.apple.com https://support.apple.com/kb/HT205031
    Vendor Advisory

Remediation

  • sudo.ws http://www.sudo.ws/repos/sudo/rev/ddf399e3e306
    ExploitPatch
  • sudo.ws http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f
    ExploitPatch