CVE-2019-10143

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: freeradius versions up to and including 3.0.19

Description: The issue is related to the incorrect configuration of logrotate in freeradius, potentially allowing a local attacker who already has control of the radiusd user to escalate their privileges to root. This could be achieved by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. However, the upstream software maintainer has disputed this claim, stating that there is no way for anyone to gain privileges through this alleged issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-250CWE-266

Related Identifiers

ALT-PU-2020-1496

CESA-2019_3353

CESA-2020_3984

CVE-2019-10143

MGASA-2020-0007

RHSA-2019:3353

RHSA-2019_3353

RHSA-2020:3984

RHSA-2020_3984

Affected Products

Alt Linux

Centos

Debian

Freeradius

Red Hat

CVE-2019-10143

Weakness Enumeration

Related Identifiers

Affected Products

References · 27