Multiple vulnerabilities were discovered in Gentoo's systemd unit for FreeRADIUS which could lead to root privilege escalation.
Package | net-dialup/freeradius on all architectures |
---|---|
Affected versions | < 3.0.20-r1 |
Unaffected versions | >= 3.0.20-r1 |
FreeRADIUS is a modular, high performance free RADIUS suite.
It was discovered that Gentoo’s FreeRADIUS systemd unit set permissions on an unsafe directory on start.
A local attacker could escalate privileges.
There is no known workaround at this time.
All FreeRADIUS users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-3.0.20-r1"
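
The class of problem described above, a unit that changes permissions on a directory at start, can be audited for in other units with a static check. The following is an added example, not part of the advisory and not Gentoo's or FreeRADIUS's code: it flags `Exec*=` lines that run `chown`, `chmod` or `chgrp` with root privileges. The sample unit is constructed (the advisory does not reproduce the affected unit) and the function names are hypothetical; a finding is a prompt to check who can write to the listed path.

```python
import re
import shlex

# Constructed sample unit for illustration; NOT the Gentoo FreeRADIUS unit.
SAMPLE_UNIT = """\
[Service]
User=exampled
PermissionsStartOnly=true
ExecStartPre=/bin/chown -R exampled:exampled /run/exampled
ExecStartPre=-/bin/chmod 0750 /var/log/exampled
ExecStart=/usr/sbin/exampled -f
"""

PERM_TOOLS = {"chown", "chmod", "chgrp"}
EXEC_KEYS = {"ExecStartPre", "ExecStart", "ExecStartPost",
             "ExecReload", "ExecStop", "ExecStopPost"}
TRUE = {"1", "yes", "true", "on"}

def parse_service(text):
    """Return the [Service] section as an ordered list of (key, value)."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line and line[0] not in "#;":
            key, _, value = line.partition("=")
            items.append((key.strip(), value.strip()))
    return items

def root_permission_changes(text):
    """List (key, tool, paths) for permission changes that run as root."""
    items = parse_service(text)
    conf = dict(items)
    has_user = conf.get("User", "root") not in ("", "root", "0")
    start_only = conf.get("PermissionsStartOnly", "").lower() in TRUE
    findings = []
    for key, value in items:
        if key not in EXEC_KEYS:
            continue
        prefix = re.match(r"[-@:+!]*", value).group()  # systemd exec prefixes
        argv = shlex.split(value[len(prefix):])
        tool = argv[0].rsplit("/", 1)[-1] if argv else ""
        # Root when: no User=, a "+" or "!" prefix, or PermissionsStartOnly=
        # (User= then applies to ExecStart= only).
        as_root = (not has_user or "+" in prefix or "!" in prefix
                   or (start_only and key != "ExecStart"))
        if tool in PERM_TOOLS and as_root:
            findings.append((key, tool, [a for a in argv[1:] if a.startswith("/")]))
    return findings
```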
Release date
January 26, 2021
Latest revision
January 26, 2021: 1
Severity
normal
Exploitable
local
Bugzilla entries