Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Freeradius
(Freeradius)Repositories | https://github.com/alandekok/freeradius-server |
#Vulnerabilities | 47 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2007-01-05 | CVE-2007-0080 | Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party and the vendor, who states that exploitation is limited "only to local administrators who have write access to the server configuration files." CVE concurs with the dispute | Freeradius | N/A | ||
2019-05-24 | CVE-2019-10143 | It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue." | Fedora, Freeradius, Enterprise_linux | 7.0 |