Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://www.sudo.ws/sudo/alerts/runas_group_pw.html
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641
http://www.vuxml.org/freebsd/908f4cf2-1e8b-11e0-a587-001b77d09812.html
Insight
The following package is affected: sudo
CVE-2011-0010
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Severity
Classification
CVE: CVE-2011-0010
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities