Red Hat Bugzilla – Bug 466732
CVE-2008-4474 freeradius: dialupadmin insecure temporary file usage
Last modified: 2016-03-04 07:19:04 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4474 to the following vulnerability:
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite
arbitrary files via a symlink attack on temporary files in (1) backup_radacct,
(2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5)
Upstream bugreport with the patch:
This issue affects freeradius 2.x packages as shipped in Fedora 9 and Rawhide. Prior to freeradius 2.0, the dialupadmin subpackage was not created and shipped. Some issues also affect dialupadmin versions as bundled with freeradius 1.x sources / source RPMs, but those were never distributed as official Fedora / Red Hat Enterprise Linux (binary) packages.
This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 3, 4, or 5.
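The scripts named in the CVE text write accounting data through temporary files. As an added example that is neither freeradius/dialupadmin code nor the upstream patch (the real scripts are not quoted on this page; the file names, the dump command and the function names are assumed), here is the weak pattern beside a hardened one:

```sh
#!/bin/sh
# Added example, not code from freeradius or dialupadmin. The weak pattern
# behind CVE-2008-4474 is a fixed name in a world-writable directory that is
# written blindly (assumed shape; the real scripts are not shown on the page):
#
#   OUT=/tmp/radacct.dump                      # predictable, shared /tmp
#   mysqldump radius radacct > "$OUT"          # follows whatever sits at $OUT
#
# Hardened pattern: a private, unpredictable file from mktemp (created with
# O_EXCL and mode 0600), filled, then renamed into place. rename(2) replaces
# the destination directory entry and never follows a symlink sitting there.

# make_private_tmp [DIR]: create and print a fresh temp file under DIR
# (default $TMPDIR or /tmp). umask 077 keeps it private even with an old mktemp.
make_private_tmp() {
    dir=${1:-${TMPDIR:-/tmp}}
    (umask 077; mktemp "$dir/radacct.XXXXXXXX")
}

# refuse_symlink PATH: 0 if PATH is not a symlink, 1 (with a message) if it is.
# A reporting sanity check only; the race-free protection is the rename below.
refuse_symlink() {
    if [ -L "$1" ]; then
        echo "refusing: $1 is a symlink" >&2
        return 1
    fi
    return 0
}

# save_output FINAL: write stdin to a private temp file in FINAL's directory,
# then rename it over FINAL. On error returns non-zero and leaves FINAL alone.
save_output() {
    final=$1
    dir=$(dirname -- "$final")
    tmp=$(make_private_tmp "$dir") || return 1
    if cat > "$tmp"; then
        mv -f -- "$tmp" "$final"
    else
        rm -f -- "$tmp"
        return 1
    fi
}
```

Writing the data into the mktemp file and renaming it into place is what keeps a pre-planted link at the final path from redirecting the write; the symlink check only makes the condition visible in logs.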
New packages for F-9 and F-10 have been built and pushed which remove the dialupadmin subpackages. dialupadmin was never present in RHEL and will not be added to any future RHEL version.
From my perspective this can now be closed. Do you agree?
We usually try to close only after updates actually make it to stable, so feel free to close once updates get pushed.
Just out of curiosity, may I ask why packages in different Fedora versions use different release numbers, even though they seem to come from the same sources (-3.fc11, -4.fc10, -5.fc9). It seems that you actually bumped the release intentionally after syncing changes from F-X to F-(X-1). Why's that? It's not needed and can only break upgrade paths (-5.fc9 is newer than -4.fc10).
The dialupadmin subpackage was dropped from Fedora freeradius packages, updated freeradius packages pushed to stable via: