Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2011-4966
Last Modified: 19 Mar 2013 08:35:28
Published: 12 Mar 2013 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-4966

Summary

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Vulnerable Systems

Application

  • Freeradius

  • Freeradius 0.1

  • Freeradius 0.2

  • Freeradius 0.3

  • Freeradius 0.4

  • Freeradius 0.5

  • Freeradius 0.6

  • Freeradius 0.7

  • Freeradius 0.7.1

  • Freeradius 0.8

  • Freeradius 0.8.1

  • Freeradius 0.9

  • Freeradius 0.9.0

  • Freeradius 0.9.1

  • Freeradius 0.9.2

  • Freeradius 0.9.3

  • Freeradius 1.0.0

  • Freeradius 1.0.1

  • Freeradius 1.0.2

  • Freeradius 1.0.3

  • Freeradius 1.0.4

  • Freeradius 1.0.5

  • Freeradius 1.1.0

  • Freeradius 1.1.1

  • Freeradius 1.1.2

  • Freeradius 1.1.3

  • Freeradius 1.1.4

  • Freeradius 1.1.5

  • Freeradius 1.1.6

  • Freeradius 1.1.7

  • Freeradius 1.1.8

  • Freeradius 2.0

  • Freeradius 2.0.1

  • Freeradius 2.0.2

  • Freeradius 2.0.3

  • Freeradius 2.0.4

  • Freeradius 2.0.5

  • Freeradius 2.1.0

  • Freeradius 2.1.1

  • Freeradius 2.1.10

  • Freeradius 2.1.11

  • Freeradius 2.1.12

  • Freeradius 2.1.2

  • Freeradius 2.1.3

  • Freeradius 2.1.4

  • Freeradius 2.1.6

  • Freeradius 2.1.7

  • Freeradius 2.1.8

  • Freeradius 2.1.9

  • Freeradius 2.2.0


References

CONFIRM - https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605

REDHAT - RHSA-2013:0134

MISC - http://rhn.redhat.com/errata/RHBA-2012-0881.html

SUSE - openSUSE-SU-2013:0191

SUSE - openSUSE-SU-2013:0137

Related Patches

Red Hat 2013:0134-01 RHSA Low: freeradius2 security and bug fix update for RHEL 5 x86


Last Updated: 27 May 2016 11:02:04