Metasploit Module Adds Sudo Vulnerability for OS X

Attackers looking to exploit a previously disclosed and apparently still unpatched bug in sudo, a Unix-based Linux command found in most Apple OS X builds have gotten a little more help this week.

As Threatpost reported in March, the vulnerability (CVE-2013-1775) can essentially set back the compromised system’s clock to January 1, 1970, also known as the epoch, so the attacker can be granted access to the machine without entering a password.

Sudo manages user privileges on several types of systems, including versions of OS X from Lion 10.7 to Mountain Lion 10.8.4, as well as several Linux distributions.

Metasploit, the penetration testing software that makes it easier to exploit vulnerabilities, added a module this week that makes exploiting the sudo vulnerability less difficult.

Developed by the folks over at Rapid 7, the Metasploit tool has proved invaluable for security researchers who investigate flaws and “pen test” software.

The module “gains a session with root permissions” as long as the user has run the sudo command before and as long as they have administrative privileges, according to a Packet Storm Security post Monday by sudo developer Todd Miller, Rapid 7’s Joe Vennix and Metasploit developer Juan Vazquez.

In addition to the previously mentioned conditions, they of course must have physical or remote access on top of admin access to the machine, making execution of the bug even less likely.

Miller previously reported that Sudo 1.8.6p7 and 1.7.10p7 fixed the bug and made it so future versions would ignore the epoch time stamp, in a Seclists post in February but this module appears to circumvent that.