FreeBSD : sudo -- certain authorized users could run commands as any user (13d6d997-f455-11dd-8516-001b77d09812)
Medium Nessus Plugin ID 35613
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
Todd Miller reports:
A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies.
Solution
Update the affected package.