freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143)
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user.
References:
- https://github.com/FreeRADIUS/freeradius-server/pull/2666
- https://nvd.nist.gov/vuln/detail/CVE-2019-10143
Patch:
https://github.com/FreeRADIUS/freeradius-server/commit/1f233773962bf1a9c2d228a180eacddb9db2d574
Affected branches:
-
master -
3.10-stable -
3.9-stable -
3.8-stable -
3.7-stable