Product:

Freeradius

(Freeradius)
Repositories https://github.com/alandekok/freeradius-server
#Vulnerabilities 47
Date Id Summary Products Score Patch Annotated
2007-01-05 CVE-2007-0080 Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute Freeradius N/A
2019-05-24 CVE-2019-10143 It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." Fedora, Freeradius, Enterprise_linux 7.0