English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2019-10143
Description:** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd- writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Test IDs: 1.3.6.1.4.1.25623.1.0.876517   1.3.6.1.4.1.25623.1.1.2.2019.1763   1.3.6.1.4.1.25623.1.1.2.2019.1747   1.3.6.1.4.1.25623.1.1.2.2019.1674   1.3.6.1.4.1.25623.1.0.876668   1.3.6.1.4.1.25623.1.1.2.2019.2065  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2019-10143
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143
https://github.com/FreeRADIUS/freeradius-server/pull/2666
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/
http://seclists.org/fulldisclosure/2019/Nov/14
http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html
http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html
https://freeradius.org/security/
https://freeradius.org/security/
RedHat Security Advisories: RHSA-2019:3353
https://access.redhat.com/errata/RHSA-2019:3353



© 1998-2025 E-Soft Inc. All rights reserved.