Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a directory normally inaccessible by the radiusd user. NOTE: the upstream software maintainer has stated "there is simply no way for anyone to gain privileges through this alleged issue."
CVSS Information
N/A
Vulnerability Type
特权授予不正确
Vulnerability Title
FreeRADIUS 竞争条件问题漏洞
Vulnerability Description
FreeRADIUS是Freeradius Server项目的一套实现了RADIUS协议的软件。该软件主要用于账户认证管理、记账管理和上网账户管理等。 FreeRADIUS 3.0.19及之前版本中存在竞争条件问题漏洞,该漏洞源于程序没有正确配置logrotate工具。本地攻击者可利用该漏洞将权限提升至root。
CVSS Information
N/A
Vulnerability Type
N/A