What is the severity of CVE-2013-1775?

CVE-2013-1775 has been rated as a moderate severity vulnerability due to its potential for privilege escalation by local attackers.

How do I fix CVE-2013-1775?

To fix CVE-2013-1775, update to a patched version of sudo, specifically versions 1.7.10p7 or higher, or 1.8.7 or higher.

Who is affected by CVE-2013-1775?

CVE-2013-1775 affects local users or physically proximate attackers using affected versions of sudo from 1.6.0 to 1.8.6p6.

What is the impact of CVE-2013-1775?

The impact of CVE-2013-1775 allows attackers to bypass time restrictions on sudo and retain elevated privileges without re-authenticating.

Is there a workaround for CVE-2013-1775?

A temporary workaround for CVE-2013-1775 involves disabling the use of timestamps in sudo by setting 'timestamp_timeout=0' in the sudoers file.

Vulnerability/
CVE-2013-1775

medium

6.9

CWE

264

4/3/2013

6/8/2024

CVE-2013-1775

First published: Mon Mar 04 2013(Updated: )

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Sudo	=1.6
Sudo	=1.6.1
Sudo	=1.6.2
Sudo	=1.6.2p3
Sudo	=1.6.3
Sudo	=1.6.3_p7
Sudo	=1.6.4
Sudo	=1.6.4p2
Sudo	=1.6.5
Sudo	=1.6.6
Sudo	=1.6.7
Sudo	=1.6.7p5
Sudo	=1.6.8
Sudo	=1.6.8p12
Sudo	=1.6.9
Sudo	=1.6.9p20
Sudo	=1.6.9p21
Sudo	=1.6.9p22
Sudo	=1.6.9p23
Sudo	=1.8.0
Sudo	=1.8.1
Sudo	=1.8.1p1
Sudo	=1.8.1p2
Sudo	=1.8.2
Sudo	=1.8.3
Sudo	=1.8.3p1
Sudo	=1.8.3p2
Sudo	=1.8.4
Sudo	=1.8.4p1
Sudo	=1.8.4p2
Sudo	=1.8.4p3
Sudo	=1.8.4p4
Sudo	=1.8.4p5
Sudo	=1.8.5
Sudo	=1.8.5p1
Sudo	=1.8.5p2
Sudo	=1.8.5p3
Sudo	=1.8.6
Sudo	=1.8.6p1
Sudo	=1.8.6p2
Sudo	=1.8.6p3
Sudo	=1.8.6p4
Sudo	=1.8.6p5
Sudo	=1.8.6p6
Apple iOS and macOS	<=10.10.4
Sudo	=1.7.0
Sudo	=1.7.1
Sudo	=1.7.2
Sudo	=1.7.2p1
Sudo	=1.7.2p2
Sudo	=1.7.2p3
Sudo	=1.7.2p4
Sudo	=1.7.2p5
Sudo	=1.7.2p6
Sudo	=1.7.2p7
Sudo	=1.7.3b1
Sudo	=1.7.4
Sudo	=1.7.4p1
Sudo	=1.7.4p2
Sudo	=1.7.4p3
Sudo	=1.7.4p4
Sudo	=1.7.4p5
Sudo	=1.7.4p6
Sudo	=1.7.5
Sudo	=1.7.6
Sudo	=1.7.6p1
Sudo	=1.7.6p2
Sudo	=1.7.7
Sudo	=1.7.8
Sudo	=1.7.8p1
Sudo	=1.7.8p2
Sudo	=1.7.9
Sudo	=1.7.9p1
Sudo	=1.7.10
Sudo	=1.7.10p1
Sudo	=1.7.10p2
Sudo	=1.7.10p3
Sudo	=1.7.10p4
Sudo	=1.7.10p5
Sudo	=1.7.10p6

Remedy

http://www.sudo.ws/repos/sudo/rev/ddf399e3e306

Remedy

http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1775?
CVE-2013-1775 has been rated as a moderate severity vulnerability due to its potential for privilege escalation by local attackers.
How do I fix CVE-2013-1775?
To fix CVE-2013-1775, update to a patched version of sudo, specifically versions 1.7.10p7 or higher, or 1.8.7 or higher.
Who is affected by CVE-2013-1775?
CVE-2013-1775 affects local users or physically proximate attackers using affected versions of sudo from 1.6.0 to 1.8.6p6.
What is the impact of CVE-2013-1775?
The impact of CVE-2013-1775 allows attackers to bypass time restrictions on sudo and retain elevated privileges without re-authenticating.
Is there a workaround for CVE-2013-1775?
A temporary workaround for CVE-2013-1775 involves disabling the use of timestamps in sudo by setting 'timestamp_timeout=0' in the sudoers file.

agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/references
agent/last-modified-date
agent/author
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/todd miller
canonical/sudo
version/sudo/1.6
version/sudo/1.6.1
version/sudo/1.6.2
version/sudo/1.6.2p3
version/sudo/1.6.3
version/sudo/1.6.3_p7
version/sudo/1.6.4
version/sudo/1.6.4p2
version/sudo/1.6.5
version/sudo/1.6.6
version/sudo/1.6.7
version/sudo/1.6.7p5
version/sudo/1.6.8
version/sudo/1.6.8p12
version/sudo/1.6.9
version/sudo/1.6.9p20
version/sudo/1.6.9p21
version/sudo/1.6.9p22
version/sudo/1.6.9p23
version/sudo/1.8.0
version/sudo/1.8.1
version/sudo/1.8.1p1
version/sudo/1.8.1p2
version/sudo/1.8.2
version/sudo/1.8.3
version/sudo/1.8.3p1
version/sudo/1.8.3p2
version/sudo/1.8.4
version/sudo/1.8.4p1
version/sudo/1.8.4p2
version/sudo/1.8.4p3
version/sudo/1.8.4p4
version/sudo/1.8.4p5
version/sudo/1.8.5
version/sudo/1.8.5p1
version/sudo/1.8.5p2
version/sudo/1.8.5p3
version/sudo/1.8.6
version/sudo/1.8.6p1
version/sudo/1.8.6p2
version/sudo/1.8.6p3
version/sudo/1.8.6p4
version/sudo/1.8.6p5
version/sudo/1.8.6p6
vendor/apple
canonical/apple ios and macos
version/apple ios and macos/10.10.4
version/sudo/1.7.0
version/sudo/1.7.1
version/sudo/1.7.2
version/sudo/1.7.2p1
version/sudo/1.7.2p2
version/sudo/1.7.2p3
version/sudo/1.7.2p4
version/sudo/1.7.2p5
version/sudo/1.7.2p6
version/sudo/1.7.2p7
version/sudo/1.7.3b1
version/sudo/1.7.4
version/sudo/1.7.4p1
version/sudo/1.7.4p2
version/sudo/1.7.4p3
version/sudo/1.7.4p4
version/sudo/1.7.4p5
version/sudo/1.7.4p6
version/sudo/1.7.5
version/sudo/1.7.6
version/sudo/1.7.6p1
version/sudo/1.7.6p2
version/sudo/1.7.7
version/sudo/1.7.8
version/sudo/1.7.8p1
version/sudo/1.7.8p2
version/sudo/1.7.9
version/sudo/1.7.9p1
version/sudo/1.7.10
version/sudo/1.7.10p1
version/sudo/1.7.10p2
version/sudo/1.7.10p3
version/sudo/1.7.10p4
version/sudo/1.7.10p5
version/sudo/1.7.10p6

CVE-2013-1775

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1775?

How do I fix CVE-2013-1775?

Who is affected by CVE-2013-1775?

What is the impact of CVE-2013-1775?

Is there a workaround for CVE-2013-1775?

Company

Resources

Contact