VDB
GCVE-110-MAGEIA-2020-7
GCVE-110-MAGEIA-2020-7
Advisory Published
Updated freeradius packages fix security vulnerabilities:
It was discovered freeradius does not correctly configure logrotate,
allowing a local attacker who already has control of the radiusd user to
escalate his privileges to root, by tricking logrotate into writing a
radiusd-writable file to a directory normally inaccessible by the radiusd
user (CVE-2019-10143).
An information leak was discovered in the implementation of EAP-pwd in
freeradius. An attacker could initiate several EAP-pwd handshakes to leak
information, which can then be used to recover the user's WiFi password by
performing dictionary and brute-force attacks (CVE-2019-13456).
Denial of service issues due to multithreaded BN_CTX access
(CVE-2019-17185).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | darktable | 0 (affected), 2.6.3-1.mga7 (unaffected) | — |
| Mageia | freeradius | 0 (affected), 3.0.20-1.mga7 (unaffected), 0 (affected), 3.0.20-1.mga7 (unaffected) | — |
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.