ID CVE-2019-10143
Summary ** DISPUTED ** It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:beta0:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:beta0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:rc0:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:-:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc0:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.4:rc2:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.4:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:-:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.7:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.7:rc0:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.7:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.17:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.18:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:3.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:freeradius:freeradius:3.0.19:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 30-09-2020 - 14:22)
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1705340
title CVE-2019-10143 freeradius: privilege escalation due to insecure logrotate configuration
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 8 is installed
      oval oval:com.redhat.rhba:tst:20193384074
    • comment Module freeradius:3.0 is enabled
      oval oval:com.redhat.rhsa:tst:20191142027
    • OR
      • AND
        • comment freeradius is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353001
        • comment freeradius is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881002
      • AND
        • comment freeradius-debugsource is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353003
        • comment freeradius-debugsource is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191142004
      • AND
        • comment freeradius-devel is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353005
        • comment freeradius-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581004
      • AND
        • comment freeradius-doc is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353007
        • comment freeradius-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581006
      • AND
        • comment freeradius-krb5 is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353009
        • comment freeradius-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881004
      • AND
        • comment freeradius-ldap is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353011
        • comment freeradius-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881006
      • AND
        • comment freeradius-mysql is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353013
        • comment freeradius-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881008
      • AND
        • comment freeradius-perl is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353015
        • comment freeradius-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881010
      • AND
        • comment freeradius-postgresql is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353017
        • comment freeradius-postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881012
      • AND
        • comment freeradius-rest is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353019
        • comment freeradius-rest is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20191142020
      • AND
        • comment freeradius-sqlite is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353021
        • comment freeradius-sqlite is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171581020
      • AND
        • comment freeradius-unixODBC is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353023
        • comment freeradius-unixODBC is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881016
      • AND
        • comment freeradius-utils is earlier than 0:3.0.17-6.module+el8.1.0+3392+9bd8939b
          oval oval:com.redhat.rhsa:tst:20193353025
        • comment freeradius-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881018
rhsa
id RHSA-2019:3353
released 2019-11-05
severity Moderate
title RHSA-2019:3353: freeradius:3.0 security and bug fix update (Moderate)
rpms
  • freeradius-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-debugsource-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-devel-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-doc-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-krb5-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-krb5-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-ldap-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-ldap-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-mysql-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-mysql-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-perl-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-perl-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-postgresql-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-postgresql-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-rest-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-rest-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-sqlite-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-sqlite-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-unixODBC-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-unixODBC-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-utils-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-utils-debuginfo-0:3.0.17-6.module+el8.1.0+3392+9bd8939b
  • freeradius-0:3.0.13-15.el7
  • freeradius-debuginfo-0:3.0.13-15.el7
  • freeradius-devel-0:3.0.13-15.el7
  • freeradius-doc-0:3.0.13-15.el7
  • freeradius-krb5-0:3.0.13-15.el7
  • freeradius-ldap-0:3.0.13-15.el7
  • freeradius-mysql-0:3.0.13-15.el7
  • freeradius-perl-0:3.0.13-15.el7
  • freeradius-postgresql-0:3.0.13-15.el7
  • freeradius-python-0:3.0.13-15.el7
  • freeradius-sqlite-0:3.0.13-15.el7
  • freeradius-unixODBC-0:3.0.13-15.el7
  • freeradius-utils-0:3.0.13-15.el7
refmap via4
confirm
fedora
  • FEDORA-2019-4a8eeaf80e
  • FEDORA-2019-9454ce61b2
fulldisc 20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius
misc
Last major update 30-09-2020 - 14:22
Published 24-05-2019 - 17:29
Last modified 30-09-2020 - 14:22
Back to Top