CVE-2013-1775
Apple Mac OSX - Sudo Password Bypass
Public Exploits: 7
Exploited in Wild: -
Descriptions
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.
SSVC
- Decision: -
Timeline
- 2013-02-19 CVE Reserved
- 2013-03-04 CVE Published
- 2013-08-26 First Exploit
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (24)
URL | Tag | Source |
---|---|---|
http://osvdb.org/90677 | Vdb Entry | |
http://support.apple.com/kb/HT5880 | X_refsource_confirm | |
http://www.openwall.com/lists/oss-security/2013/02/27/22 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/58203 | Vdb Entry | |
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/123032 | 2013-08-30 | |
https://packetstorm.news/files/id/122965 | 2013-08-26 | |
https://www.exploit-db.com/exploits/27944 | 2013-08-29 | |
https://www.exploit-db.com/exploits/27965 | 2013-08-30 | |
https://github.com/bekhzod0725/perl-CVE-2013-1775 | 2017-02-11 | |
http://www.sudo.ws/repos/sudo/rev/ddf399e3e306 | 2024-08-06 | |
http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Todd Miller | Sudo | 1.6 | - | Affected |
Todd Miller | Sudo | 1.6.1 | - | Affected |
Todd Miller | Sudo | 1.6.2 | - | Affected |
Todd Miller | Sudo | 1.6.2p3 | - | Affected |
Todd Miller | Sudo | 1.6.3 | - | Affected |
Todd Miller | Sudo | 1.6.3_p7 | - | Affected |
Todd Miller | Sudo | 1.6.4 | - | Affected |
Todd Miller | Sudo | 1.6.4p2 | - | Affected |
Todd Miller | Sudo | 1.6.5 | - | Affected |
Todd Miller | Sudo | 1.6.6 | - | Affected |
Todd Miller | Sudo | 1.6.7 | - | Affected |
Todd Miller | Sudo | 1.6.7p5 | - | Affected |
Todd Miller | Sudo | 1.6.8 | - | Affected |
Todd Miller | Sudo | 1.6.8p12 | - | Affected |
Todd Miller | Sudo | 1.6.9 | - | Affected |
Todd Miller | Sudo | 1.6.9p20 | - | Affected |
Todd Miller | Sudo | 1.6.9p21 | - | Affected |
Todd Miller | Sudo | 1.6.9p22 | - | Affected |
Todd Miller | Sudo | 1.6.9p23 | - | Affected |
Todd Miller | Sudo | 1.8.0 | - | Affected |
Todd Miller | Sudo | 1.8.1 | - | Affected |
Todd Miller | Sudo | 1.8.1p1 | - | Affected |
Todd Miller | Sudo | 1.8.1p2 | - | Affected |
Todd Miller | Sudo | 1.8.2 | - | Affected |
Todd Miller | Sudo | 1.8.3 | - | Affected |
Todd Miller | Sudo | 1.8.3p1 | - | Affected |
Todd Miller | Sudo | 1.8.3p2 | - | Affected |
Todd Miller | Sudo | 1.8.4 | - | Affected |
Todd Miller | Sudo | 1.8.4p1 | - | Affected |
Todd Miller | Sudo | 1.8.4p2 | - | Affected |
Todd Miller | Sudo | 1.8.4p3 | - | Affected |
Todd Miller | Sudo | 1.8.4p4 | - | Affected |
Todd Miller | Sudo | 1.8.4p5 | - | Affected |
Todd Miller | Sudo | 1.8.5 | - | Affected |
Todd Miller | Sudo | 1.8.5p1 | - | Affected |
Todd Miller | Sudo | 1.8.5p2 | - | Affected |
Todd Miller | Sudo | 1.8.5p3 | - | Affected |
Todd Miller | Sudo | 1.8.6 | - | Affected |
Todd Miller | Sudo | 1.8.6p1 | - | Affected |
Todd Miller | Sudo | 1.8.6p2 | - | Affected |
Todd Miller | Sudo | 1.8.6p3 | - | Affected |
Todd Miller | Sudo | 1.8.6p4 | - | Affected |
Todd Miller | Sudo | 1.8.6p5 | - | Affected |
Todd Miller | Sudo | 1.8.6p6 | - | Affected |
Apple | Mac Os X | <= 10.10.4 | - | Affected |
Todd Miller | Sudo | 1.7.0 | - | Affected |
Todd Miller | Sudo | 1.7.1 | - | Affected |
Todd Miller | Sudo | 1.7.2 | - | Affected |
Todd Miller | Sudo | 1.7.2p1 | - | Affected |
Todd Miller | Sudo | 1.7.2p2 | - | Affected |
Todd Miller | Sudo | 1.7.2p3 | - | Affected |
Todd Miller | Sudo | 1.7.2p4 | - | Affected |
Todd Miller | Sudo | 1.7.2p5 | - | Affected |
Todd Miller | Sudo | 1.7.2p6 | - | Affected |
Todd Miller | Sudo | 1.7.2p7 | - | Affected |
Todd Miller | Sudo | 1.7.3b1 | - | Affected |
Todd Miller | Sudo | 1.7.4 | - | Affected |
Todd Miller | Sudo | 1.7.4p1 | - | Affected |
Todd Miller | Sudo | 1.7.4p2 | - | Affected |
Todd Miller | Sudo | 1.7.4p3 | - | Affected |
Todd Miller | Sudo | 1.7.4p4 | - | Affected |
Todd Miller | Sudo | 1.7.4p5 | - | Affected |
Todd Miller | Sudo | 1.7.4p6 | - | Affected |
Todd Miller | Sudo | 1.7.5 | - | Affected |
Todd Miller | Sudo | 1.7.6 | - | Affected |
Todd Miller | Sudo | 1.7.6p1 | - | Affected |
Todd Miller | Sudo | 1.7.6p2 | - | Affected |
Todd Miller | Sudo | 1.7.7 | - | Affected |
Todd Miller | Sudo | 1.7.8 | - | Affected |
Todd Miller | Sudo | 1.7.8p1 | - | Affected |
Todd Miller | Sudo | 1.7.8p2 | - | Affected |
Todd Miller | Sudo | 1.7.9 | - | Affected |
Todd Miller | Sudo | 1.7.9p1 | - | Affected |
Todd Miller | Sudo | 1.7.10 | - | Affected |
Todd Miller | Sudo | 1.7.10p1 | - | Affected |
Todd Miller | Sudo | 1.7.10p2 | - | Affected |
Todd Miller | Sudo | 1.7.10p3 | - | Affected |
Todd Miller | Sudo | 1.7.10p4 | - | Affected |
Todd Miller | Sudo | 1.7.10p5 | - | Affected |
Todd Miller | Sudo | 1.7.10p6 | - | Affected |