CVE-2019-10143: Race Condition
DISPUTED It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
Other sources
A reverse-shell facilitating situation due to insecure logrotate configuration leading to privilege escalation.
— Red Hat
Affected Software
Event History
Frequently Asked Questions
What is the severity of CVE-2019-10143?
CVE-2019-10143 is classified as a medium severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2019-10143?
To fix CVE-2019-10143, update FreeRADIUS to version 3.0.20 or later, or reconfigure logrotate settings to avoid privilege escalation.
Who is affected by CVE-2019-10143?
CVE-2019-10143 affects FreeRADIUS versions up to and including 3.0.19, mainly on systems running Fedora 29, Fedora 30, and Red Hat Enterprise Linux 8.0.
What type of vulnerability is CVE-2019-10143?
CVE-2019-10143 is a local privilege escalation vulnerability that can allow an attacker with access to the radiusd user to gain root access.
What are the consequences of CVE-2019-10143 if exploited?
Exploitation of CVE-2019-10143 could allow a local attacker to escalate privileges and gain unauthorized root access to the affected system.