suse · CVE-2019-10143

Quick triage

Priority: medium Published: 2021-05-30 14:26:39 UTC Updated: 2025-08-14 02:07:41 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-10143 severity moderate: SUSE including 36 source package names (freeradius-3.0.13-15.el7, freeradius-3.0.17-6.module+el8.1.0+3392+9bd8939b, …), 110 product×package rows across 16 product lines (SLES for SAP Applications 11 SP3, SUSE Liberty Linux 7, … (16 product lines)): Known Not Affected 74, Fixed 36.

Description:

It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."

cvelogic Threat Intelligence