CVE-2019-10143
Public on 2019-05-24
Modified on 2020-10-22
Description
It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | freeradius | 2020-10-22 | ALAS2-2020-1515 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.4 | CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.0 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |