{"id":"CVE-2019-10143","details":"It was discovered that FreeRADIUS up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate privileges to root by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible to the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"","modified":"2026-04-16T01:48:51.886265624Z","published":"2019-05-24T17:29:02.490Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"29"}]},{"cpe":"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"30"}]},{"cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3353"},{"type":"ADVISORY","url":"https://freeradius.org/security/"},{"type":"ADVISORY","url":"https://github.com/FreeRADIUS/freeradius-server/pull/2666"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2019/Nov/14"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freeradius/freeradius-server","events":[{"introduced":"0"},{"last_affected":"ab4c767099f263a7cd4109bcdca80ee74210a769"}],"database_specific":{"cpe":"cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.0.19"}]}}],"versions":["branch_4_0_0","first-build","release_0_1_0","release_0_2_0","release_0_3_0","release_0_4_0","release_0_5_0","release_0_6_0","release_0_7_0","release_2_0_0","release_2_0_0_pre1","release_2_0_0_pre2","release_2_0_1","release_2_0_2","release_2_0_3","release_2_0_4","release_2_0_5","release_2_1_0","release_2_1_1","release_2_1_2","release_2_1_3","release_2_1_4","release_2_1_7","release_3.0.8","release_3_0_0","release_3_0_0_beta0","release_3_0_0_beta1","release_3_0_0_rc0","release_3_0_0_rc1","release_3_0_1","release_3_0_10","release_3_0_11","release_3_0_12","release_3_0_13","release_3_0_14","release_3_0_15","release_3_0_16","release_3_0_17","release_3_0_18","release_3_0_19","release_3_0_2","release_3_0_3","release_3_0_4_rc0","release_3_0_4_rc1","release_3_0_4_rc2","release_3_0_5","release_3_0_6","release_3_0_7","release_3_0_8","release_3_0_9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10143.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}