Exploit the possiblities
Showing 1 - 11 of 11 RSS Feed

CVE-2013-1775

Status Candidate

Overview

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Related Files

Apple Security Advisory 2015-08-13-2
Posted Aug 13, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-08-13-2 - OS X Yosemite 10.10.5 and Security Update 2015-006 is now available and addresses vulnerabilities in Apache, the OD plug-in, IOBluetoothHCIController, and more.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2009-5044, CVE-2009-5078, CVE-2012-6685, CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2013-7040, CVE-2013-7338, CVE-2013-7422, CVE-2014-0067, CVE-2014-0106, CVE-2014-0191, CVE-2014-1912, CVE-2014-3581, CVE-2014-3583, CVE-2014-3613, CVE-2014-3620, CVE-2014-3660, CVE-2014-3707, CVE-2014-7185, CVE-2014-7844, CVE-2014-8109, CVE-2014-8150, CVE-2014-8151, CVE-2014-8161, CVE-2014-8767, CVE-2014-8769
MD5 | 4a5d37a22b2a5dc65f8821a63540e1c6
Gentoo Linux Security Advisory 201401-23
Posted Jan 22, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-23 - Multiple vulnerabilities have been found in sudo which could result in privilege escalation. Versions less than 1.8.6_p7 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777
MD5 | 3857c7aa1151d30e4fc3cefdf8f1c4fa
Red Hat Security Advisory 2013-1701-02
Posted Nov 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1701-02 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2013-1775, CVE-2013-2776, CVE-2013-2777
MD5 | 3166e25caaad9e3b4dbb2e7ef0ff600b
Red Hat Security Advisory 2013-1353-01
Posted Oct 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1353-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password.

tags | advisory, local, root
systems | linux, redhat
advisories | CVE-2013-1775, CVE-2013-1776, CVE-2013-2776
MD5 | bbc4bba7d2cd06746dbf59243ebb91f7
Mac OS X 10.8.4 Local Privilege Escalation
Posted Aug 30, 2013
Authored by David Kennedy

Mac OS X versions 10.8.4 and below local root privilege escalation exploit written in Python.

tags | exploit, local, root, python
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
MD5 | 8a8a4379f218aceef346e60421e30d68
Mac OS X Sudo Password Bypass
Posted Aug 26, 2013
Authored by Todd C. Miller, juan vazquez, joev | Site metasploit.com

This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.

tags | exploit, root
systems | apple, osx
advisories | CVE-2013-1775, OSVDB-90677
MD5 | c576a86d9ee4a93abc0dde1445edcab8
Mandriva Linux Security Advisory 2013-054
Posted Apr 7, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-054 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337, CVE-2013-1775, CVE-2013-1776
MD5 | dfead7a98a30d8a1fd5649a857071f2a
Mandriva Linux Security Advisory 2013-026
Posted Mar 19, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-026 - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically-proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. Sudo before 1.8.6p7 allows a malicious user to run commands via sudo without authenticating, so long as there exists a terminal the user has access to where a sudo command was successfully run by that same user within the password timeout period. The updated packages have been patched to correct these issues.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2013-1775, CVE-2013-1776
MD5 | a2e5e049f9aee6ec6abd63797bac8dd4
Debian Security Advisory 2642-1
Posted Mar 9, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2642-1 - Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.

tags | advisory, root, vulnerability
systems | linux, debian
advisories | CVE-2013-1775, CVE-2013-1776
MD5 | b8c8a6e2271fd90f51c9ef329b2a1aef
Slackware Security Advisory - sudo Updates
Posted Mar 8, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New sudo packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Related CVE Numbers: CVE-2013-1775,CVE-2013-1776.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-1775, CVE-2013-1776
MD5 | 8dec22558085b255a941891213a4d98e
Ubuntu Security Notice USN-1754-1
Posted Feb 28, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1754-1 - Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1775
MD5 | 4193e1a3602621cb1b67b6c0ed5ea93f
Page 1 of 1
Back1Next

File Archive:

December 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    15 Files
  • 2
    Dec 2nd
    2 Files
  • 3
    Dec 3rd
    1 Files
  • 4
    Dec 4th
    15 Files
  • 5
    Dec 5th
    15 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    17 Files
  • 8
    Dec 8th
    15 Files
  • 9
    Dec 9th
    13 Files
  • 10
    Dec 10th
    4 Files
  • 11
    Dec 11th
    41 Files
  • 12
    Dec 12th
    44 Files
  • 13
    Dec 13th
    25 Files
  • 14
    Dec 14th
    15 Files
  • 15
    Dec 15th
    28 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close