16 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10143
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the...
Oracle Linux 8 : freeradius:3.0 (ELSA-2019-3353)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-3353 advisory. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of t...
NewStart CGSL CORE 5.04 / MAIN 5.04 : freeradius Multiple Vulnerabilities (NS-SA-2021-0037)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freeradius packages installed that are affected by multiple vulnerabilities: - In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads...
CentOS 8 : freeradius:3.0 (CESA-2019:3353)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:3353 advisory. - freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143) Note that Nessus has not tested for this issue but has instead relied...
Scientific Linux Security Update : freeradius on SL7.x x86_64 (20201001)
Security Fixes : - freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143) - freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456) - freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185)...
freeradius security update
CentOS Errata and Security Advisory CESA-2020:3984. An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severi...
CentOS 7 : freeradius (RHSA-2020:3984)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3984 advisory. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-1747)
The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-2065)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for freeradius (EulerOS-SA-2019-1674)
The remote host is missing an update for the Huawei EulerOS...
FreeRadius 3.0.19 Logrotate Privilege Escalation Vulnerability
Privilege Escalation via Logrotate in FreeRadius. Overview: Identifier: AIT-SA-20191112-01; Target: FreeRadius; Vendor: FreeRadius; Version: all versions including 3.0.19; Fixed in Version: 12.2.3, 12.1.8 and 12.0.8; CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143; Author: Wolfgang Hotwagner AIT...
FreeRadius 3.0.19 Logrotate Privilege Escalation
Privilege Escalation via Logrotate in FreeRadius. Overview: Identifier: AIT-SA-20191112-01; Target: FreeRadius; Vendor: FreeRadius; Version: all versions including 3.0.19; Fixed in Version: 12.2.3, 12.1.8 and 12.0.8; CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-10143; Accessibility: Local; Severity: Low...
EulerOS 2.0 SP5 : freeradius (EulerOS-SA-2019-1674)
According to the version of the freeradius package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to...
Fedora Update for freeradius FEDORA-2019-4a8eeaf80e
The remote host is missing an update for the... Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2019-10143
creationtimestamp | type | source
---|---|---
2019-05-24 17:53:24+00:00 | seen | https://t.me/cvemitreorg/309...
CVE-2019-10143
CVE-2019-10143 affects FreeRADIUS 3.0.x up to and including 3.0.19, where an insecure logrotate configuration can be abused by a local attacker who already has radiusd user control to escalate to root by tricking logrotate into writing a radiusd-writable file into a restricted directory. The upst...