Multiple vulnerabilities were discovered in Gentoo's systemd unit for FreeRADIUS which could lead to root privilege escalation.
|Package||net-dialup/freeradius on all architectures|
|Affected versions||< 3.0.20-r1|
|Unaffected versions||>= 3.0.20-r1|
FreeRADIUS is a modular, high performance free RADIUS suite.
It was discovered that Gentoo’s FreeRADIUS systemd unit set permissions on an unsafe directory on start.
A local attacker could escalate privileges.
There is no known workaround at this time.
All FreeRADIUS users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/freeradius-3.0.20-r1"
January 26, 2021
January 26, 2021: 1