Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1775

CWE-264 | 13 documents | 11 sources
Severity: 6.9 MEDIUM
EPSS: 8.1% (top 7.83%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 5 | Latest update May 17

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (3 packages)

Debian | sudo | < 1.8.5p2-1+nmu1 | +3
NVD | todd_miller/sudo | 79 versions | +78
NVD | apple/mac_os_x | 10.10.4

Patches

🔴 Vulnerability Details (3)

GHSA | GHSA-3f5j-4h2q-jfx9: sudo 1 | 2022-05-17
OSV | CVE-2013-1775: sudo 1 | 2013-03-05
CVEList | CVE-2013-1775: sudo 1 | 2013-03-04

💥 Exploits & PoCs (3)

Exploit-DB | Apple Mac OSX 10.8.4 - Local Privilege Escalation | 2013-08-30
Exploit-DB | Apple Mac OSX - Sudo Password Bypass (Metasploit) | 2013-08-29
Metasploit | Mac OS X Sudo Password Bypass

📋 Vendor Advisories (4)

Ubuntu | Sudo vulnerability | 2013-02-28
Red Hat | sudo: authentication bypass via reset system clock | 2013-02-27
Debian | CVE-2013-1775: sudo - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or... | 2013
Apple | CVE-2013-1775: OS X Yosemite v10.10.5 and Security Update 2015-006

💬 Community (2)

Bugzilla | CVE-2013-1775 CVE-2013-1776 sudo various flaws [fedora-all] | 2013-02-27
Bugzilla | CVE-2013-1775 sudo: authentication bypass via reset system clock | 2013-02-27