Описание
ELSA-2019-3353: freeradius:3.0 security and bug fix update (MODERATE)
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module freeradius:3.0 is enabled
freeradius
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-devel
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-doc
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-krb5
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-ldap
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-mysql
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-perl
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-postgresql
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-rest
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-sqlite
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-unixODBC
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-utils
3.0.17-6.module+el8.1.0+5424+14f3dc7c
Oracle Linux x86_64
Module freeradius:3.0 is enabled
freeradius
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-devel
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-doc
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-krb5
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-ldap
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-mysql
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-perl
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-postgresql
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-rest
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-sqlite
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-unixODBC
3.0.17-6.module+el8.1.0+5424+14f3dc7c
freeradius-utils
3.0.17-6.module+el8.1.0+5424+14f3dc7c
Связанные CVE
Связанные уязвимости
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius up to and including version 3.0.19 does n ...
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.