CVE-2011-4966

Published: 12/03/2013 Updated: 19/03/2013
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 534
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

modules/rlm_unix/rlm_unix.c in FreeRADIUS prior to 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Vulnerable Product

freeradius freeradius 2.1.4

freeradius freeradius 2.1.12

freeradius freeradius 0.2

freeradius freeradius 0.4

freeradius freeradius 1.0.1

freeradius freeradius 1.0.2

freeradius freeradius 1.1.3

freeradius freeradius 1.1.5

freeradius freeradius 2.1.2

freeradius freeradius

freeradius freeradius 2.1.3

freeradius freeradius 0.1

freeradius freeradius 2.0.4

freeradius freeradius 2.1.9

freeradius freeradius 0.8.1

freeradius freeradius 0.9.3

freeradius freeradius 1.0.0

freeradius freeradius 0.9.1

freeradius freeradius 1.1.2

freeradius freeradius 1.1.4

freeradius freeradius 1.1.8

freeradius freeradius 0.6

freeradius freeradius 1.1.6

freeradius freeradius 2.1.10

freeradius freeradius 2.1.7

freeradius freeradius 0.8

freeradius freeradius 0.9

freeradius freeradius 2.0.1

freeradius freeradius 2.0

freeradius freeradius 1.0.4

freeradius freeradius 1.0.5

freeradius freeradius 1.1.0

freeradius freeradius 0.7.1

freeradius freeradius 2.1.1

freeradius freeradius 2.0.2

freeradius freeradius 2.0.5

freeradius freeradius 2.1.11

freeradius freeradius 2.1.8

freeradius freeradius 2.1.6

freeradius freeradius 0.3

freeradius freeradius 0.5

freeradius freeradius 0.9.2

freeradius freeradius 1.0.3

freeradius freeradius 1.1.7

freeradius freeradius 1.1.1

freeradius freeradius 0.7

freeradius freeradius 0.9.0

freeradius freeradius 2.0.3

freeradius freeradius 2.1.0

Vendor Advisories

Synopsis: Low: freeradius2 security and bug fix update. Type/Severity: Security Advisory: Low. Topic: Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A ...
Debian Bug report logs - #694407 freeradius: CVE-2011-4966. Package: freeradius; Maintainer for freeradius is Debian FreeRADIUS Packaging Team <pkg-freeradius-maintainers@lists.alioth.debian.org>; Source for freeradius is src:freeradius. Reported by: Moritz Muehlenhoff <jmm@inutil.org> Date: Mon, ...
Several security issues were fixed in FreeRADIUS ...