FreeBSD : sudo -- local privilege escalation (908f4cf2-1e8b-11e0-a587-001b77d09812)
Medium Nessus Plugin ID 51521
The remote FreeBSD host is missing a security-related update.
Todd Miller reports : Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group), if allowed by the sudoers file. A flaw exists in sudo's password checking logic that allows a user to run a command with only the group changed without being prompted for a password.