Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-4966

Published: 12 March 2013

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Priority

Low

Status

Package Release Status
freeradius
Launchpad, Ubuntu, Debian
hardy Ignored
(end of life)
lucid
Released (2.1.8+dfsg-1ubuntu1.1)
oneiric Ignored
(end of life)
precise
Released (2.1.10+dfsg-3ubuntu0.12.04.2)
quantal
Released (2.1.12+dfsg-1.1ubuntu0.1)
raring Ignored
(end of life)
saucy Not vulnerable
(2.1.12+dfsg-1.2ubuntu5)
upstream
Released (2.1.12+dfsg-1.2)
Patches:
upstream: https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605