Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-10143

Опубликовано: 24 мая 2019
Источник: nvd
CVSS3: 6.4
CVSS3: 7
CVSS2: 6.9
EPSS Низкий

Описание

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
Версия до 3.0.19 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 23%
0.00077
Низкий

6.4 Medium

CVSS3

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-250
CWE-362

Связанные уязвимости

ubuntu логотип

CVE-2019-10143

CVSS3: 7
ubuntu
больше 6 лет назад

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

redhat логотип

CVE-2019-10143

CVSS3: 6.4
redhat
больше 6 лет назад

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

debian логотип

CVE-2019-10143

CVSS3: 7
debian
больше 6 лет назад

It was discovered freeradius up to and including version 3.0.19 does n ...

github логотип

GHSA-5x22-w79m-34gq

CVSS3: 7
github
больше 3 лет назад

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.

oracle-oval логотип

ELSA-2019-3353

oracle-oval
около 6 лет назад

ELSA-2019-3353: freeradius:3.0 security and bug fix update (MODERATE)

EPSS

Процентиль: 23%
0.00077
Низкий

6.4 Medium

CVSS3

7 High

CVSS3

6.9 Medium

CVSS2

Дефекты

CWE-250
CWE-362