Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Security Impact Summary

CVE-2013-1775 is a security vulnerability that . Impacting 2 products from todd_miller, from apple organizations running these solutions should prioritize assessment and patching.

Historical Context

Documented in 2013, this vulnerability occurred amid the cloud computing expansion era, where traditional network perimeter security models were being reevaluated. Organizations were transitioning from isolated infrastructure to interconnected systems, creating new attack surfaces that vulnerabilities like this could exploit.

Published

2013-03-05T21:38:56.293

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	todd_miller	sudo	1.6	Yes
Application	todd_miller	sudo	1.6.1	Yes
Application	todd_miller	sudo	1.6.2	Yes
Application	todd_miller	sudo	1.6.2p3	Yes
Application	todd_miller	sudo	1.6.3	Yes
Application	todd_miller	sudo	1.6.3_p7	Yes
Application	todd_miller	sudo	1.6.4	Yes
Application	todd_miller	sudo	1.6.4p2	Yes
Application	todd_miller	sudo	1.6.5	Yes
Application	todd_miller	sudo	1.6.6	Yes
Application	todd_miller	sudo	1.6.7	Yes
Application	todd_miller	sudo	1.6.7p5	Yes
Application	todd_miller	sudo	1.6.8	Yes
Application	todd_miller	sudo	1.6.8p12	Yes
Application	todd_miller	sudo	1.6.9	Yes
Application	todd_miller	sudo	1.6.9p20	Yes
Application	todd_miller	sudo	1.6.9p21	Yes
Application	todd_miller	sudo	1.6.9p22	Yes
Application	todd_miller	sudo	1.6.9p23	Yes
Application	todd_miller	sudo	1.8.0	Yes
Application	todd_miller	sudo	1.8.1	Yes
Application	todd_miller	sudo	1.8.1p1	Yes
Application	todd_miller	sudo	1.8.1p2	Yes
Application	todd_miller	sudo	1.8.2	Yes
Application	todd_miller	sudo	1.8.3	Yes
Application	todd_miller	sudo	1.8.3p1	Yes
Application	todd_miller	sudo	1.8.3p2	Yes
Application	todd_miller	sudo	1.8.4	Yes
Application	todd_miller	sudo	1.8.4p1	Yes
Application	todd_miller	sudo	1.8.4p2	Yes
Application	todd_miller	sudo	1.8.4p3	Yes
Application	todd_miller	sudo	1.8.4p4	Yes
Application	todd_miller	sudo	1.8.4p5	Yes
Application	todd_miller	sudo	1.8.5	Yes
Application	todd_miller	sudo	1.8.5p1	Yes
Application	todd_miller	sudo	1.8.5p2	Yes
Application	todd_miller	sudo	1.8.5p3	Yes
Application	todd_miller	sudo	1.8.6	Yes
Application	todd_miller	sudo	1.8.6p1	Yes
Application	todd_miller	sudo	1.8.6p2	Yes
Application	todd_miller	sudo	1.8.6p3	Yes
Application	todd_miller	sudo	1.8.6p4	Yes
Application	todd_miller	sudo	1.8.6p5	Yes
Application	todd_miller	sudo	1.8.6p6	Yes
Operating System	apple	mac_os_x	≤ 10.10.4	Yes
Application	todd_miller	sudo	1.7.0	Yes
Application	todd_miller	sudo	1.7.1	Yes
Application	todd_miller	sudo	1.7.2	Yes
Application	todd_miller	sudo	1.7.2p1	Yes
Application	todd_miller	sudo	1.7.2p2	Yes
Application	todd_miller	sudo	1.7.2p3	Yes
Application	todd_miller	sudo	1.7.2p4	Yes
Application	todd_miller	sudo	1.7.2p5	Yes
Application	todd_miller	sudo	1.7.2p6	Yes
Application	todd_miller	sudo	1.7.2p7	Yes
Application	todd_miller	sudo	1.7.3b1	Yes
Application	todd_miller	sudo	1.7.4	Yes
Application	todd_miller	sudo	1.7.4p1	Yes
Application	todd_miller	sudo	1.7.4p2	Yes
Application	todd_miller	sudo	1.7.4p3	Yes
Application	todd_miller	sudo	1.7.4p4	Yes
Application	todd_miller	sudo	1.7.4p5	Yes
Application	todd_miller	sudo	1.7.4p6	Yes
Application	todd_miller	sudo	1.7.5	Yes
Application	todd_miller	sudo	1.7.6	Yes
Application	todd_miller	sudo	1.7.6p1	Yes
Application	todd_miller	sudo	1.7.6p2	Yes
Application	todd_miller	sudo	1.7.7	Yes
Application	todd_miller	sudo	1.7.8	Yes
Application	todd_miller	sudo	1.7.8p1	Yes
Application	todd_miller	sudo	1.7.8p2	Yes
Application	todd_miller	sudo	1.7.9	Yes
Application	todd_miller	sudo	1.7.9p1	Yes
Application	todd_miller	sudo	1.7.10	Yes
Application	todd_miller	sudo	1.7.10p1	Yes
Application	todd_miller	sudo	1.7.10p2	Yes
Application	todd_miller	sudo	1.7.10p3	Yes
Application	todd_miller	sudo	1.7.10p4	Yes
Application	todd_miller	sudo	1.7.10p5	Yes
Application	todd_miller	sudo	1.7.10p6	Yes

References

http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html ([email protected])
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html ([email protected])
http://osvdb.org/90677 ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1353.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2013-1701.html ([email protected])
http://support.apple.com/kb/HT5880 ([email protected])
http://www.debian.org/security/2013/dsa-2642 ([email protected])
http://www.openwall.com/lists/oss-security/2013/02/27/22 ([email protected])
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html ([email protected])
http://www.securityfocus.com/bid/58203 ([email protected])
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440 ([email protected])
http://www.sudo.ws/repos/sudo/rev/ddf399e3e306 Exploit, Patch ([email protected])
http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f Exploit, Patch ([email protected])
http://www.sudo.ws/sudo/alerts/epoch_ticket.html Vendor Advisory ([email protected])
http://www.ubuntu.com/usn/USN-1754-1 ([email protected])
https://support.apple.com/kb/HT205031 Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/90677 (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1353.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2013-1701.html (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT5880 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2013/dsa-2642 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2013/02/27/22 (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/58203 (af854a3a-2127-422b-91ae-364da2661108)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440 (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/repos/sudo/rev/ddf399e3e306 Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f Exploit, Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.sudo.ws/sudo/alerts/epoch_ticket.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1754-1 (af854a3a-2127-422b-91ae-364da2661108)
https://support.apple.com/kb/HT205031 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For todd_miller's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.