Ubuntu Security Notice (C) 2010-2013 Canonical, Inc. / NASL script (C) 2010-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Markus Wuethrich discovered that sudo did not always verify the user
when a group was specified in the Runas_Spec. A local attacker could
exploit this to execute arbitrary code as root if sudo was configured
to allow the attacker to use a program as a group when the attacker
was not a part of that group.
Update the affected sudo and / or sudo-ldap packages.
Risk factor :
Medium / CVSS Base Score : 6.2
Family: Ubuntu Local Security Checks
Nessus Plugin ID: 49140 ()
CVE ID: CVE-2010-2956