CVE-2011-4966
Published: 12 March 2013
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
freeradius Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Released
(2.1.8+dfsg-1ubuntu1.1)
|
|
| oneiric |
Ignored
(reached end-of-life)
|
|
| precise |
Released
(2.1.10+dfsg-3ubuntu0.12.04.2)
|
|
| quantal |
Released
(2.1.12+dfsg-1.1ubuntu0.1)
|
|
| raring |
Ignored
(reached end-of-life)
|
|
| saucy |
Not vulnerable
(2.1.12+dfsg-1.2ubuntu5)
|
|
| upstream |
Released
(2.1.12+dfsg-1.2)
|
|
|
Patches: upstream: https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 |
||