From the upstream advisory: When a user successfully authenticates with sudo, a time stamp file is updated to allow that user to continue running sudo without requiring a password for a preset time period (five minutes by default). The user's time stamp file can be reset using "sudo -k" or removed altogether via "sudo -K". A user who has sudo access and is able to control the local clock (common in desktop environments) can run a command via sudo without authenticating as long as they have previously authenticated themselves at least once by running "sudo -k" and then setting the clock to the epoch (1970-01-01 01:00:00). The vulnerability does not permit a user to run commands other than those allowed by the sudoers policy. This affects versions 1.6.0 through up to the fixed 1.7.10p7 version, and sudo 1.8.0 through to the fixed 1.8.7p7. The fix for 1.7.x: http://www.sudo.ws/repos/sudo/rev/ddf399e3e306 The fix for 1.8.x: http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f External References: http://www.sudo.ws/sudo/alerts/epoch_ticket.html
Created sudo tracking bugs for this issue Affects: fedora-all [bug 916367]
sudo-1.8.6p7-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
sudo-1.8.6p7-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2013:1353 https://rhn.redhat.com/errata/RHSA-2013-1353.html
This issue has been classified as low security impact, because of the following reasons. 1. A user already needs to have sudo access on the target machine. 2. The user needs to have permission to set system clock on the target machine. This is uncommon and may only be used for some desktop configurations. 3. Successful exploitation of this issue, only results in bypass of sudo cache credential timeout, it does not provide any additional privileges to the attacker.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1701 https://rhn.redhat.com/errata/RHSA-2013-1701.html
Statement: (none)