SUDO Auth Bypass Vulnerability


An authentication bypass vulnerability has been discovered in the sudo utility. The affected versions are sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 inclusive. The bug allows an attacker with physical access to run commands without the user’s password. On UNIX systems, sudo lets a user execute commands with root privileges, which means full administrator privileges on the system.

Exploiting the vulnerability requires certain conditions: the user must be an authorized user listed in /etc/sudoers, and it must be possible to change the system time. If these conditions are met, the attacker runs “sudo -k” and then sets the clock to the epoch (1970-01-01 01:00:00). After that, the user can run sudo without having to authenticate.

This vulnerability is fixed in sudo 1.8.6p7 and 1.7.10p7. These versions ignore a time stamp file that is set to the epoch. As a workaround, you can use “sudo -K” instead of “sudo -k” to completely remove the time stamp file instead of just resetting it.
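
To check a host against the version ranges above, the following added example (not part of the original article or the sudo project) parses a sudo version string, including the "pN" patch-level suffix, and reports whether it falls in an affected range. The function names are hypothetical, and the sample versions in the main block are constructed.

```python
import re
import subprocess

# Affected ranges exactly as stated in the article (both ends inclusive).
AFFECTED_RANGES = [("1.6.0", "1.7.10p6"), ("1.8.0", "1.8.6p6")]

# sudo versions look like 1.8.6 or 1.8.6p6 ("p6" = patch level 6).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from e.g. 'Sudo version 1.8.6p3'."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError("no sudo version found in %r" % text)
    # Missing components (no micro, no pN suffix) count as 0.
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(version_text):
    """True if the version falls inside one of the article's affected ranges."""
    version = parse_sudo_version(version_text)
    # Compare as integer tuples: as plain strings, "1.7.9" would sort after
    # "1.7.10p6" and be wrongly reported as outside the range.
    return any(
        parse_sudo_version(low) <= version <= parse_sudo_version(high)
        for low, high in AFFECTED_RANGES
    )


def installed_sudo_version():
    """First line of `sudo -V` output, e.g. 'Sudo version 1.8.6p3'."""
    result = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=True)
    return result.stdout.splitlines()[0]


if __name__ == "__main__":
    # Constructed sample versions, followed by the locally installed sudo.
    for sample in ("1.7.9", "1.7.10p6", "1.7.10p7", "1.8.6p6", "1.8.6p7"):
        print(sample, "affected" if is_affected(sample) else "not affected")
    try:
        local = installed_sudo_version()
        print(local, "->", "affected" if is_affected(local) else "not affected")
    except (OSError, subprocess.CalledProcessError, IndexError) as exc:
        print("could not query sudo:", exc)
```

Distribution packages often backport fixes without changing the upstream version number, so an "affected" result should be confirmed against the vendor's advisory.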