Strix
26.1K

CVE-2013-1775

UnknownEPSS 3.20%

Last modified

CVE-2013-1775 is a vulnerability of currently unknown severity. sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.. EPSS estimates a 3.20% chance of exploitation in the next 30 days.

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Metrics

EPSS Probability
3.20%

86.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
Todd MillerSudo1.6
Todd MillerSudo1.6.1
Todd MillerSudo1.6.2
Todd MillerSudo1.6.2p3
Todd MillerSudo1.6.3
Todd MillerSudo1.6.3_p7
Todd MillerSudo1.6.4
Todd MillerSudo1.6.4p2
Todd MillerSudo1.6.5
Todd MillerSudo1.6.6
Todd MillerSudo1.6.7
Todd MillerSudo1.6.7p5
Todd MillerSudo1.6.8
Todd MillerSudo1.6.8p12
Todd MillerSudo1.6.9
Todd MillerSudo1.6.9p20
Todd MillerSudo1.6.9p21
Todd MillerSudo1.6.9p22
Todd MillerSudo1.6.9p23
Todd MillerSudo1.8.0
Todd MillerSudo1.8.1
Todd MillerSudo1.8.1p1
Todd MillerSudo1.8.1p2
Todd MillerSudo1.8.2
Todd MillerSudo1.8.3
Todd MillerSudo1.8.3p1
Todd MillerSudo1.8.3p2
Todd MillerSudo1.8.4
Todd MillerSudo1.8.4p1
Todd MillerSudo1.8.4p2
Todd MillerSudo1.8.4p3
Todd MillerSudo1.8.4p4
Todd MillerSudo1.8.4p5
Todd MillerSudo1.8.5
Todd MillerSudo1.8.5p1
Todd MillerSudo1.8.5p2
Todd MillerSudo1.8.5p3
Todd MillerSudo1.8.6
Todd MillerSudo1.8.6p1
Todd MillerSudo1.8.6p2
Todd MillerSudo1.8.6p3
Todd MillerSudo1.8.6p4
Todd MillerSudo1.8.6p5
Todd MillerSudo1.8.6p6
AppleMac Os X<= 10.10.4
Todd MillerSudo1.7.0
Todd MillerSudo1.7.1
Todd MillerSudo1.7.2
Todd MillerSudo1.7.2p1
Todd MillerSudo1.7.2p2

Showing 50 of 80 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-1775?
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
How severe is CVE-2013-1775?
Severity scoring for CVE-2013-1775 is pending analysis. The EPSS model estimates a 3.20% probability of exploitation in the next 30 days.
How do I fix CVE-2013-1775?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-1775?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST