Perhaps the attached patch fixes the issue.

Regards,
diff -Nru freeradius-3.0.17+dfsg/debian/changelog freeradius-3.0.17+dfsg/debian/changelog
--- freeradius-3.0.17+dfsg/debian/changelog	2019-04-23 06:23:36.000000000 +0900
+++ freeradius-3.0.17+dfsg/debian/changelog	2019-05-24 22:15:19.000000000 +0900
@@ -1,3 +1,11 @@
+freeradius (3.0.17+dfsg-1.2) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Cherry-Pick upstream commits to fix CVE-2019-10143 (Mitigate
+    privilege escalation due to insecure lotation settings) (Closes: #929466)
+
+ -- Kentaro Hayashi <haya...@clear-code.com>  Fri, 24 May 2019 13:15:19 +0000
+
 freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru freeradius-3.0.17+dfsg/debian/freeradius.logrotate freeradius-3.0.17+dfsg/debian/freeradius.logrotate
--- freeradius-3.0.17+dfsg/debian/freeradius.logrotate	2019-04-23 06:23:36.000000000 +0900
+++ freeradius-3.0.17+dfsg/debian/freeradius.logrotate	2019-05-24 22:15:19.000000000 +0900
@@ -9,6 +9,7 @@
 	notifempty
 
 	copytruncate
+	su freerad freerad
 }
 
 # (in order)
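Review bot: The added `su freerad freerad` (here and identically in the next two hunks) makes every rotation step run as freerad, so the rename of the old log, the compression and — in this stanza — the `copytruncate` copy all need the log directory to be writable by that user; if the packaging creates that directory root-owned, rotation will now fail where it previously ran as root. The stanza headers with the log paths start above the hunk, so the affected directory cannot be confirmed from this diff; the directory ownership set by the package (dirs/postinst) should be checked in the same upload, and a comment such as `# rotate as the daemon user; the log directory must be owned by freerad (CVE-2019-10143)` would record the requirement next to the directive. The `su` directive is only understood by logrotate 3.8.0 and later, which is worth stating in the changelog or reflecting as a versioned dependency if older targets are supported.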
@@ -28,6 +29,7 @@
 	notifempty
 
 	nocreate
+	su freerad freerad
 }
 
 # There are different detail-rotating strategies you can use.  One is
@@ -47,4 +49,5 @@
 	notifempty
 
 	nocreate
+	su freerad freerad
 }
diff -Nru freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch
--- freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch	1970-01-01 09:00:00.000000000 +0900
+++ freeradius-3.0.17+dfsg/debian/patches/CVE-2019-10143.patch	2019-05-24 22:15:19.000000000 +0900
@@ -0,0 +1,40 @@
+su to radiusd user/group when rotating logs
+
+The su directive to logrotate ensures that log rotation happens under the
+owner of the logs. Otherwise, logrotate runs as root:root, potentially
+enabling privilege escalation if a RCE is discovered against the
+FreeRADIUS daemon.
+--- a/redhat/freeradius-logrotate
++++ b/redhat/freeradius-logrotate
+@@ -9,6 +9,7 @@
+ missingok
+ compress
+ delaycompress
++su radiusd radiusd
+ 
+ #
+ #  The main server log
+--- a/scripts/logrotate/freeradius
++++ b/scripts/logrotate/freeradius
+@@ -17,6 +17,7 @@
+ 	notifempty
+ 
+ 	copytruncate
++	su radiusd radiusd
+ }
+ 
+ # (in order)
+@@ -34,6 +35,7 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
+ 
+ # There are different detail-rotating strategies you can use.  One is
+@@ -53,4 +55,5 @@
+ 	notifempty
+ 
+ 	nocreate
++	su radiusd radiusd
+ }
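Review bot: The header of this new patch gives the rationale but no DEP-3 metadata, so the upstream commit the changelog says was cherry-picked cannot be traced from the patch itself. Adding `Origin: upstream, <UPSTREAM-COMMIT-URL-PLACEHOLDER>` and `Bug-Debian: https://bugs.debian.org/929466` above the first `--- a/` line would let the security tracker and later maintainers verify the backport. Since this upload also edits debian/freeradius.logrotate directly, the scripts/logrotate/freeradius part of this patch presumably has no effect on the shipped logrotate file; that is harmless but worth a sentence in the header so nobody later assumes the two copies are kept in sync by this patch.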
diff -Nru freeradius-3.0.17+dfsg/debian/patches/series freeradius-3.0.17+dfsg/debian/patches/series
--- freeradius-3.0.17+dfsg/debian/patches/series	2019-04-23 06:23:36.000000000 +0900
+++ freeradius-3.0.17+dfsg/debian/patches/series	2019-05-24 22:15:19.000000000 +0900
@@ -10,3 +10,4 @@
 snakeoil-certs.diff
 CVE-2019-11234-1.patch
 CVE-2019-11234-2.patch
+CVE-2019-10143.patch
