CVE-2011-4966
Published: 12 March 2013
modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
Priority
Status
Package | Release | Status |
---|---|---|
freeradius (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
freeradius | lucid | Released (2.1.8+dfsg-1ubuntu1.1) |
freeradius | oneiric | Ignored (end of life) |
freeradius | precise | Released (2.1.10+dfsg-3ubuntu0.12.04.2) |
freeradius | quantal | Released (2.1.12+dfsg-1.1ubuntu0.1) |
freeradius | raring | Ignored (end of life) |
freeradius | saucy | Not vulnerable (2.1.12+dfsg-1.2ubuntu5) |
freeradius | upstream | Released (2.1.12+dfsg-1.2) |
Patches:
upstream: https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605