Posted by: David Harley | August 30, 2013

Sudo Voodoo

A sudo authentication bypass vulnerability reported back in March has gained a little traction with the release by Metasploit of a module that makes it easier to exploit on Macs.

The original vulnerability, as described in CVE-2013-1775, involves bypassing time restrictions and retaining privileges by resetting the system clock. It was not restricted to OS X, and was fixed in sudo 1.8.6p7 and 1.7.10p7, but according to an article by Dan Goodin for Ars Technica, OS X versions 10.7 to 10.8.4 remain vulnerable. In principle, though, it can only be exploited if the attacker already has physical or remote shell access to the target machine and sufficient privileges.

However, HD Moore is quoted by Goodin as saying that “…it allows any user-level compromise to become root…”

David Harley
Small Blue-Green World
ESET Senior Research Fellow
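
A first-pass check against the fixed releases named in the post, as an added example (not code from the post or from the sudo project). The function names and sample version strings are constructed for illustration, and the mapping of older branches to a fixed release is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example: first-pass check of a sudo version string against the fixed
# releases named in the post (1.8.6p7 and 1.7.10p7). Vendors may backport
# fixes without changing the version string, so verify a "below-fix" result
# against the vendor's own advisory.

# Extract e.g. "1.8.6p7" from the first line of `sudo -V` output given as $1.
version_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([^ ]*\).*$/\1/p'
}

# Print "major minor micro patch" (no pN suffix = patch 0); reject beta/rc etc.
split_version() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(p[0-9]+)?$' || return 1
    patch=0
    case $1 in *p*) patch=${1#*p} ;; esac
    printf '%s\n' "${1%%p*}" | { IFS=. read -r ma mi mc; echo "$ma $mi $mc $patch"; }
}

# Succeed if the 4-part version $1..$4 is lower than $5..$8 (numeric compare).
tuple_lt() {
    a1=$1 a2=$2 a3=$3 a4=$4; shift 4
    for pair in "$a1:$1" "$a2:$2" "$a3:$3" "$a4:$4"; do
        l=${pair%:*} r=${pair#*:}
        [ "$l" -lt "$r" ] && return 0
        [ "$l" -gt "$r" ] && return 1
    done
    return 1
}

# Print below-fix, at-or-above-fix or unknown for a sudo version string.
classify_sudo() {
    parts=$(split_version "$1") || { echo unknown; return 0; }
    set -- $parts
    # Assumption: 1.7.x and older are measured against 1.7.10p7,
    # 1.8.x and newer against 1.8.6p7.
    if [ "$1" -lt 1 ] || { [ "$1" -eq 1 ] && [ "$2" -le 7 ]; }; then
        fixed="1 7 10 7"
    else
        fixed="1 8 6 7"
    fi
    if tuple_lt "$@" $fixed; then echo below-fix; else echo at-or-above-fix; fi
}

# Constructed sample versions. On a real host:
#   classify_sudo "$(version_from_output "$(sudo -V)")"
for v in 1.7.4p6 1.7.10p7 1.8.6p6 1.8.6p7 1.8.10 1.8.7b1; do
    printf '%-10s %s\n' "$v" "$(classify_sudo "$v")"
done
```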


Responses

  1. Can you please provide guidance on how to remove this nightmare from your computer? Not sure that this is what I have, but having files on my Mac that are dated years before I had the machine makes me wonder. Any help is greatly appreciated.

    • There are a range of reasons why file dates might seem anomalous that have nothing to do with CVE-2013-1775. If you’re having other issues with the system, I’m afraid you need to contact a support forum or even a support specialist. Unfortunately, I’m not resourced to offer one-to-one support nowadays. Sorry.

