Описание
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
Меры по смягчению последствий
Add su radiusd:radiusd to all log sections in /etc/logrotate.d/radiusd.
By keeping SELinux in "Enforcing" mode, radiusd user will be limited in the directories he can write to.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | freeradius | Out of support scope | ||
| Red Hat Enterprise Linux 5 | freeradius2 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | freeradius | Out of support scope | ||
| Red Hat Enterprise Linux 7 | freeradius | Fixed | RHSA-2020:3984 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | freeradius | Fixed | RHSA-2019:3353 | 05.11.2019 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
It was discovered freeradius up to and including version 3.0.19 does n ...
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
ELSA-2019-3353: freeradius:3.0 security and bug fix update (MODERATE)
EPSS
6.4 Medium
CVSS3