FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- Authentication bypass when clock is reset

Affected packages
sudo < 1.8.6.p7

Details

VuXML ID 764344fb-8214-11e2-9273-902b343deec9
Discovery 2013-02-27
Entry 2013-03-01

Todd Miller reports:

The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a greater chance that the logged in user has run sudo before and thus that an attack would succeed.

References

CVE Name CVE-2013-1775
URL http://www.sudo.ws/sudo/alerts/epoch_ticket.html