Lucene search

[email protected]NVD:CVE-2013-1775

HistoryMar 05, 2013 - 9:38 p.m.

CVE-2013-1775

2013-03-0521:38:56

CWE-264

[email protected]

web.nvd.nist.gov

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Affected configurations

NVD

Node

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.2p3

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.7p5

todd_millersudoMatch1.6.8

todd_millersudoMatch1.6.8p12

todd_millersudoMatch1.6.9

todd_millersudoMatch1.6.9p20

todd_millersudoMatch1.6.9p21

todd_millersudoMatch1.6.9p22

todd_millersudoMatch1.6.9p23

Node

todd_millersudoMatch1.8.0

todd_millersudoMatch1.8.1

todd_millersudoMatch1.8.1p1

todd_millersudoMatch1.8.1p2

todd_millersudoMatch1.8.2

todd_millersudoMatch1.8.3

todd_millersudoMatch1.8.3p1

todd_millersudoMatch1.8.3p2

todd_millersudoMatch1.8.4

todd_millersudoMatch1.8.4p1

todd_millersudoMatch1.8.4p2

todd_millersudoMatch1.8.4p3

todd_millersudoMatch1.8.4p4

todd_millersudoMatch1.8.4p5

todd_millersudoMatch1.8.5

todd_millersudoMatch1.8.5p1

todd_millersudoMatch1.8.5p2

todd_millersudoMatch1.8.5p3

todd_millersudoMatch1.8.6

todd_millersudoMatch1.8.6p1

todd_millersudoMatch1.8.6p2

todd_millersudoMatch1.8.6p3

todd_millersudoMatch1.8.6p4

todd_millersudoMatch1.8.6p5

todd_millersudoMatch1.8.6p6

Node

applemac_os_xRange≤10.10.4

Node

todd_millersudoMatch1.7.0

todd_millersudoMatch1.7.1

todd_millersudoMatch1.7.2

todd_millersudoMatch1.7.2p1

todd_millersudoMatch1.7.2p2

todd_millersudoMatch1.7.2p3

todd_millersudoMatch1.7.2p4

todd_millersudoMatch1.7.2p5

todd_millersudoMatch1.7.2p6

todd_millersudoMatch1.7.2p7

todd_millersudoMatch1.7.3b1

todd_millersudoMatch1.7.4

todd_millersudoMatch1.7.4p1

todd_millersudoMatch1.7.4p2

todd_millersudoMatch1.7.4p3

todd_millersudoMatch1.7.4p4

todd_millersudoMatch1.7.4p5

todd_millersudoMatch1.7.4p6

todd_millersudoMatch1.7.5

todd_millersudoMatch1.7.6

todd_millersudoMatch1.7.6p1

todd_millersudoMatch1.7.6p2

todd_millersudoMatch1.7.7

todd_millersudoMatch1.7.8

todd_millersudoMatch1.7.8p1

todd_millersudoMatch1.7.8p2

todd_millersudoMatch1.7.9

todd_millersudoMatch1.7.9p1

todd_millersudoMatch1.7.10

todd_millersudoMatch1.7.10p1

todd_millersudoMatch1.7.10p2

todd_millersudoMatch1.7.10p3

todd_millersudoMatch1.7.10p4

todd_millersudoMatch1.7.10p5

todd_millersudoMatch1.7.10p6

References

lists.apple.com/archives/security-announce/2013/Sep/msg00002.html

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

lists.opensuse.org/opensuse-updates/2013-03/msg00066.html

osvdb.org/90677

rhn.redhat.com/errata/RHSA-2013-1353.html

rhn.redhat.com/errata/RHSA-2013-1701.html

support.apple.com/kb/HT5880

www.debian.org/security/2013/dsa-2642

www.openwall.com/lists/oss-security/2013/02/27/22

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/58203

www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440

www.sudo.ws/repos/sudo/rev/ddf399e3e306

www.sudo.ws/repos/sudo/rev/ebd6cc75020f

www.sudo.ws/sudo/alerts/epoch_ticket.html

www.ubuntu.com/usn/USN-1754-1

support.apple.com/kb/HT205031

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for NVD:CVE-2013-1775