CVE-2013-1775

Mac OS X Sudo Password Bypass

Title source: metasploit
STIX 2.1

Exploitation Summary

EIP tracks 5 public exploits for CVE-2013-1775. PoCs published by David Kennedy (ReL1K), Metasploit, bekhzod0725, including Metasploit module exploits/osx/local/sudo_password_bypass.

AI-analyzed exploit summary This exploit leverages a local privilege escalation vulnerability in OSX <= 10.8.4 by manipulating the system time to bypass sudo authentication, then spawns a reverse shell to a specified IP and port.

Description

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Exploits (5)

exploitdb WORKING POC VERIFIED
by David Kennedy (ReL1K) · pythonlocalosx
https://www.exploit-db.com/exploits/27965

This exploit leverages a local privilege escalation vulnerability in OSX <= 10.8.4 by manipulating the system time to bypass sudo authentication, then spawns a reverse shell to a specified IP and port.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: macOS <= 10.8.4
No auth needed
Prerequisites: Local access to the target system · Network connectivity to the attacker's machine
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalosx
https://www.exploit-db.com/exploits/27944

This Metasploit module exploits CVE-2013-1775, a sudo vulnerability on Mac OS X, by resetting the system clock to bypass password authentication for users in the admin group. It checks for vulnerable sudo versions and user privileges before executing the exploit.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: sudo versions 1.6.0-1.7.10p6 and 1.8.0-1.8.6p6 on Mac OS X
Auth required
Prerequisites: User must be in the admin group · User must have previously run sudo · Vulnerable sudo version must be present
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by bekhzod0725 · poc
https://github.com/bekhzod0725/perl-CVE-2013-1775

This Perl script exploits CVE-2013-1775, a local privilege escalation vulnerability in Apple Mac OSX <= 10.8.4. It manipulates the system date to bypass sudo authentication and establishes a reverse shell to a specified IP and port.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Apple Mac OSX <= 10.8.4
No auth needed
Prerequisites: Local access to the target system · Perl installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by Todd C. Miller, joev, juan vazquez · rubypocosx
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/local/sudo_password_bypass.rb

This Metasploit module exploits CVE-2013-1775, a sudo password bypass vulnerability on Mac OS X. It manipulates the system clock to 1970-01-01 to bypass sudo authentication for users in the admin group who have previously used sudo.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: sudo versions 1.6.0-1.7.10p6 and 1.8.0-1.8.6p6 on Mac OS X
Auth required
Prerequisites: User must be in the admin group · User must have previously run sudo · Date/Time preferences must not be locked
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1701.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1353.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58203
Exploit, Patch x_refsource_confirm
http://www.sudo.ws/repos/sudo/rev/ddf399e3e306
Vendor Advisory x_refsource_confirm
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/90677
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2642
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1754-1
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/27/22
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT205031
Exploit, Patch x_refsource_confirm
http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880

Scores

EPSS 0.0320
EPSS Percentile 86.4%

Details

CWE
CWE-264
Status published
Products (50)
apple/mac_os_x < 10.10.4
todd_miller/sudo 1.6
todd_miller/sudo 1.6.1
todd_miller/sudo 1.6.2
todd_miller/sudo 1.6.2p3
todd_miller/sudo 1.6.3
todd_miller/sudo 1.6.3_p7
todd_miller/sudo 1.6.4
todd_miller/sudo 1.6.4p2
todd_miller/sudo 1.6.5
... and 40 more
Published Mar 05, 2013
Tracked Since Feb 18, 2026