MGASA-2020-0007
- Source
- https://advisories.mageia.org/MGASA-2020-0007.html
- Import Source
- https://advisories.mageia.org/MGASA-2020-0007.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2020-0007
- Related
- Published
- 2020-01-05T15:37:51Z
- Modified
- 2020-01-05T15:10:34Z
- Summary
- Updated freeradius packages fix security vulnerabilities
- Details
-
Updated freeradius packages fix security vulnerabilities:
It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user (CVE-2019-10143).
An information leak was discovered in the implementation of EAP-pwd in freeradius. An attacker could initiate several EAP-pwd handshakes to leak information, which can then be used to recover the user's WiFi password by performing dictionary and brute-force attacks (CVE-2019-13456).
Denial of service issues due to multithreaded BN_CTX access (CVE-2019-17185).
- References
-
- https://advisories.mageia.org/MGASA-2020-0007.html
- https://bugs.mageia.org/show_bug.cgi?id=25907
- https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TKODLHHUOVAYENTBP4D3N25ST3Q6LJBP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/USTITI4A3TVUX3SGO7TJCJ4WWFBZFWLZ/
- Credits
-
-
- Mageia - COORDINATOR
-