A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password.
The problem, which has since been fixed, existed in sudo builds 1.6.0 through 1.7.10p6 and 1.8.0 through 1.8.6p6. The program is usually found on Unix-based Linux and Mac OS X systems.
According to an alert on its site, the sudo project says the vulnerable five-minute window stems from a time stamp that usually authorizes users to run the program after they’ve authenticated. The bug, discovered by German researcher Marco Schoepl last week, involves tricking the system’s clock by setting it to the epoch reference date 1970-01-01 01:00:00. Attackers could have access to the clock if a user leaves their sudo system open to date/time changes or if the battery is completely drained. From there they can use the “sudo -k” kill syntax to reset the time stamp file and execute commands without a password prompt.
Canonical, working with Ubuntu, publicized the vulnerability (CVE-2013-1775) last week after it was posted to Seclists.org’s Full Disclosure lists by sudo developer Todd Miller.
New versions of sudo, 1.8.6p7 and 1.7.10p7, fix the vulnerability, and going forward the program will ignore any time stamps set to the epoch.
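To check hosts against the affected ranges given above, the following added example (not code from the sudo project or from the advisory) parses a version string such as the first line of `sudo -V` output and compares it with those ranges. The function names and the inventory are constructed for illustration.

```python
import re

# Affected upstream ranges as stated in the article (both ends inclusive).
AFFECTED = [("1.6.0", "1.7.10p6"), ("1.8.0", "1.8.6p6")]

# major.minor[.micro][pN], e.g. "1.8.6p6" or "1.7.10"
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from e.g. 'Sudo version 1.8.6p3'.

    A missing micro or pN component counts as 0, so 1.8.6 sorts before 1.8.6p1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(text):
    """True if the version in `text` falls inside one of the affected ranges."""
    v = parse_sudo_version(text)
    return any(
        parse_sudo_version(lo) <= v <= parse_sudo_version(hi)
        for lo, hi in AFFECTED
    )


def audit(inventory):
    """Return the sorted host names whose reported sudo version is affected."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory: host name -> first line of `sudo -V`.
SAMPLE_INVENTORY = {
    "build01": "Sudo version 1.8.6p6",
    "build02": "Sudo version 1.8.6p7",
    "legacy-db": "Sudo version 1.7.10p6",
    "legacy-web": "Sudo version 1.7.10p7",
    "archive": "Sudo version 1.6.9p17",
}

if __name__ == "__main__":
    for host in audit(SAMPLE_INVENTORY):
        print(f"{host}: affected, upgrade to 1.8.6p7 or 1.7.10p7")
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm a positive result against the vendor's advisory for the installed package.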