VIR Vulnerability Intelligence Relay

CVE-2013-1775

medium
Published 2013-03-05 · Modified 2026-04-29
CVSS v3
CVSS v2
6.9
VIR risk
6.9

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-1775

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://support.apple.com/kb/HT205031

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.sudo.ws/sudo/alerts/epoch_ticket.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.sudo.ws/repos/sudo/rev/ddf399e3e306

OS impact
OSVersionStatusFixed in
macos macosaffected
debian debianbookwormfixed1.8.5p2-1+nmu1
debian debianbullseyefixed1.8.5p2-1+nmu1
debian debianforkyfixed1.8.5p2-1+nmu1
debian debiansidfixed1.8.5p2-1+nmu1
debian debiantrixiefixed1.8.5p2-1+nmu1

Application impact
VendorProductVersionsFixed
todd_millersudo1.6
todd_millersudo1.6.1
todd_millersudo1.6.2
todd_millersudo1.6.2p3
todd_millersudo1.6.3
todd_millersudo1.6.3_p7
todd_millersudo1.6.4
todd_millersudo1.6.4p2
todd_millersudo1.6.5
todd_millersudo1.6.6
todd_millersudo1.6.7
todd_millersudo1.6.7p5
todd_millersudo1.6.8
todd_millersudo1.6.8p12
todd_millersudo1.6.9
todd_millersudo1.6.9p20
todd_millersudo1.6.9p21
todd_millersudo1.6.9p22
todd_millersudo1.6.9p23
todd_millersudo1.8.0
todd_millersudo1.8.1
todd_millersudo1.8.1p1
todd_millersudo1.8.1p2
todd_millersudo1.8.2
todd_millersudo1.8.3
todd_millersudo1.8.3p1
todd_millersudo1.8.3p2
todd_millersudo1.8.4
todd_millersudo1.8.4p1
todd_millersudo1.8.4p2
todd_millersudo1.8.4p3
todd_millersudo1.8.4p4
todd_millersudo1.8.4p5
todd_millersudo1.8.5
todd_millersudo1.8.5p1
todd_millersudo1.8.5p2
todd_millersudo1.8.5p3
todd_millersudo1.8.6
todd_millersudo1.8.6p1
todd_millersudo1.8.6p2
todd_millersudo1.8.6p3
todd_millersudo1.8.6p4
todd_millersudo1.8.6p5
todd_millersudo1.8.6p6
todd_millersudo1.7.0
todd_millersudo1.7.1
todd_millersudo1.7.2
todd_millersudo1.7.2p1
todd_millersudo1.7.2p2
todd_millersudo1.7.2p3
todd_millersudo1.7.2p4
todd_millersudo1.7.2p5
todd_millersudo1.7.2p6
todd_millersudo1.7.2p7
todd_millersudo1.7.3b1
todd_millersudo1.7.4
todd_millersudo1.7.4p1
todd_millersudo1.7.4p2
todd_millersudo1.7.4p3
todd_millersudo1.7.4p4
todd_millersudo1.7.4p5
todd_millersudo1.7.4p6
todd_millersudo1.7.5
todd_millersudo1.7.6
todd_millersudo1.7.6p1
todd_millersudo1.7.6p2
todd_millersudo1.7.7
todd_millersudo1.7.8
todd_millersudo1.7.8p1
todd_millersudo1.7.8p2
todd_millersudo1.7.9
todd_millersudo1.7.9p1
todd_millersudo1.7.10
todd_millersudo1.7.10p1
todd_millersudo1.7.10p2
todd_millersudo1.7.10p3
todd_millersudo1.7.10p4
todd_millersudo1.7.10p5
todd_millersudo1.7.10p6

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.