There are a few prerequisites for the attack to work: the user must be listed in the /etc/sudoers file; must have successfully authenticated to execute a sudo command once; and it must be possible for users to modify the system time without entering a password.

If all the above conditions are met, the user can reset the timestamp by executing sudo -k and then change the system time to the epoch (1 am on 1 January 1970). This allows the user to execute any commands to which he or she has access according to the /etc/sudoers file without having to enter the password. Time preferences in Mac OS X are normally accessible to regular users, and this is where the vulnerability may be exploited the most. “The vulnerability does not permit a user to run commands other than those allowed by the sudoers policy,” reads the vulnerability alert.

Sudo, for those who are not aware, is a utility used in Unix-like systems to execute other commands with the privileges of another user. It is also used in quite a few Linux distributions and Mac OS X by regular users to perform administrative tasks without having to log in to the system as the root user. Users, once authenticated, are usually not asked to re-authenticate for five minutes.

The sudo versions affected by this vulnerability are 1.6.0 through to 1.7.10p6 and 1.8.0 through to 1.8.6p6. Versions fixing the vulnerability have already been made available: 1.7.10p7 and 1.8.6p7. Until Apple ships an update, Mac OS X is vulnerable, as it comes with sudo version 1.7.4p6.
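To check a host against the affected ranges listed above, the following added example (not code from the sudo project or the advisory) parses a sudo version string and compares it, patch level included, against those ranges. The function names are illustrative assumptions; `sudo -V` is the standard way to print the installed version.

```python
import re
import subprocess

# Affected ranges exactly as listed in the article (both bounds inclusive).
AFFECTED_RANGES = [("1.6.0", "1.7.10p6"), ("1.8.0", "1.8.6p6")]

# major.minor[.patch][pN], e.g. "1.7.10p6"; a missing patch or p-level counts as 0.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_version(text):
    """Extract a comparable tuple from '1.7.10p6' or a 'Sudo version ...' banner."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(part) if part else 0 for part in match.groups())


def is_affected(text):
    """True if the version falls inside one of the article's affected ranges."""
    version = parse_version(text)
    return any(
        parse_version(low) <= version <= parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def installed_sudo_banner():
    """First line of `sudo -V`, which prints the version without authenticating."""
    result = subprocess.run(["sudo", "-V"], capture_output=True, text=True, check=True)
    return result.stdout.splitlines()[0]


if __name__ == "__main__":
    # Constructed sample banners covering the upper boundary of each range.
    for sample in ["Sudo version 1.7.4p6", "1.7.10p6", "1.7.10p7", "1.8.6p6", "1.8.6p7"]:
        print(f"{sample:24} affected={is_affected(sample)}")
    try:
        banner = installed_sudo_banner()
        print(f"local: {banner} affected={is_affected(banner)}")
    except (OSError, subprocess.CalledProcessError, IndexError) as exc:
        print(f"could not query local sudo: {exc}")
```

Distribution packages sometimes backport fixes without changing the upstream version string, so a positive result here is a prompt to check the vendor's advisory rather than a final verdict.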

In the Linux and Unix world, it is always prudent to create users without root privileges to carry out day-to-day tasks, thereby reducing the attack surface for hackers.