{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-10143", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T22:10:10.031Z", "dateReserved": "2019-03-27T00:00:00", "datePublished": "2019-05-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00"}, "descriptions": [{"lang": "en", "value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""}], "tags": ["disputed"], "affected": [{"vendor": "freeradius", "product": "freeradius", "versions": [{"version": "affects <= 3.0.19", "status": "affected"}]}], "references": [{"name": "FEDORA-2019-4a8eeaf80e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"}, {"name": "FEDORA-2019-9454ce61b2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"}, {"name": "RHSA-2019:3353", "tags": ["vendor-advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3353"}, {"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2019/Nov/14"}, {"url": "https://freeradius.org/security/"}, {"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"}, {"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-266", "cweId": "CWE-266"}]}, {"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-250", "cweId": "CWE-250"}]}]}, "adp": [{"affected": [{"vendor": "freeradius", "product": "freeradius", "cpes": ["cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.19", "versionType": "custom"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "30", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "29", "status": "affected"}]}, {"vendor": "redhat", "product": "enterprise_linux", "cpes": ["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-01T19:23:06.388705Z", "id": "CVE-2019-10143", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:24:21.005Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:10.031Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2019-4a8eeaf80e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"}, {"name": "FEDORA-2019-9454ce61b2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"}, {"name": "RHSA-2019:3353", "tags": ["vendor-advisory", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:3353"}, {"name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", "tags": ["mailing-list", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2019/Nov/14"}, {"url": "https://freeradius.org/security/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", "tags": ["x_transferred"]}, {"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", "name": "FEDORA-2019-4a8eeaf80e", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", "name": "FEDORA-2019-9454ce61b2", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3353", "name": "RHSA-2019:3353", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2019/Nov/14", "name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://freeradius.org/security/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143", "tags": ["x_transferred"]}, {"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:10:10.031Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-10143", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-01T19:23:06.388705Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*"], "vendor": "freeradius", "product": "freeradius", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "3.0.19"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "30"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "29"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "enterprise_linux", "versions": [{"status": "affected", "version": "8.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T19:22:29.947Z"}}], "cna": {"tags": ["disputed"], "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "freeradius", "product": "freeradius", "versions": [{"status": "affected", "version": "affects <= 3.0.19"}]}], "references": [{"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/", "name": "FEDORA-2019-4a8eeaf80e", "tags": ["vendor-advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/", "name": "FEDORA-2019-9454ce61b2", "tags": ["vendor-advisory"]}, {"url": "https://access.redhat.com/errata/RHSA-2019:3353", "name": "RHSA-2019:3353", "tags": ["vendor-advisory"]}, {"url": "http://seclists.org/fulldisclosure/2019/Nov/14", "name": "20191115 [AIT-SA-20191112-01] CVE-2019-10143: Privilege Escalation via Logrotate in FreeRadius", "tags": ["mailing-list"]}, {"url": "https://freeradius.org/security/"}, {"url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"}, {"url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"}], "descriptions": [{"lang": "en", "value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2019-10143", "state": "PUBLISHED", "dateUpdated": "2024-08-04T22:10:10.031Z", "dateReserved": "2019-03-27T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2019-05-24T00:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*", "matchCriteriaId": "CF3F9C8A-3E21-459D-81CF-3C2617FFCCAD", "versionEndIncluding": "3.0.19", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "secalert@redhat.com", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\""}, {"lang": "es", "value": "** EN DISPUTA **Se encontr\u00f3 que freeradius hasta la versi\u00f3n 3.0.19 incluy\u00e9ndola, no configura correctamente el componente logrotate, lo que permite que un atacante local que ya tiene el control del usuario radiusd escale sus privilegios a root, enga\u00f1ando a logrotate para que escriba un archivo escribible en radiusd en un directorio normalmente inaccesible para el usuario radiusd. NOTA: el mantenedor de software upstream ha declarado que \"simplemente no hay forma de que alguien obtenga privilegios a trav\u00e9s de este supuesto problema\""}], "id": "CVE-2019-10143", "lastModified": "2024-08-04T22:15:19.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-24T17:29:02.490", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/155361/FreeRadius-3.0.19-Logrotate-Privilege-Escalation.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2019/Nov/14"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3353"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10143"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://freeradius.org/security/"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/FreeRADIUS/freeradius-server/pull/2666"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6VKBZAZKJP5QKXDXRKCM2ZPZND3TFAX/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}, {"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3984", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "freeradius-0:3.0.13-15.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2019:3353", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "freeradius:3.0-8010020190614154208.16b3ab4d", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-11-05T00:00:00Z"}], "bugzilla": {"description": "freeradius: privilege escalation due to insecure logrotate configuration", "id": "1705340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705340"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "(CWE-266|CWE-250)", "details": ["It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated \"there is simply no way for anyone to gain privileges through this alleged issue.\"", "It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user."], "mitigation": {"lang": "en:us", "value": "Add `su radiusd:radiusd` to all log sections in /etc/logrotate.d/radiusd.\nBy keeping SELinux in \"Enforcing\" mode, radiusd user will be limited in the directories he can write to."}, "name": "CVE-2019-10143", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "freeradius2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freeradius", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2019-05-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10143\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10143"], "threat_severity": "Moderate"}