DSA-2642-1 sudo -- several issuesID: oval:org.secpod.oval:def:600985 | Date: (C)2013-03-14 (M)2023-12-07 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the clock is set to the UNIX epoch [00:00:00 UTC on 1 January 1970]. CVE-2013-1776 Ryan Castellucci and James Ogden discovered aspects of an issue that would allow session id hijacking from another authorized tty.