CVE-2011-4966

Severity

60%

Complexity

68%

Confidentiality

106%

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

CVSS 2.0 Base Score 6. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:S/C:P/I:P/A:P).

Overview

Type

FreeRADIUS

First reported 11 years ago

2013-03-12 23:55:00

Last updated 11 years ago

2013-03-19 12:35:00

Affected Software

FreeRADIUS 0.1

0.1

FreeRADIUS 0.2

0.2

FreeRADIUS 0.3

0.3

FreeRADIUS 0.4

0.4

FreeRADIUS 0.5

0.5

FreeRADIUS 0.6

0.6

FreeRADIUS 0.7

0.7

FreeRADIUS 0.7.1

0.7.1

FreeRADIUS 0.8

0.8

FreeRADIUS 0.8.1

0.8.1

FreeRADIUS 0.9.0

0.9.0

FreeRADIUS 0.9.1

0.9.1

FreeRADIUS 0.9.2

0.9.2

FreeRADIUS 0.9.3

0.9.3

FreeRADIUS 1.0.0

1.0.0

FreeRADIUS 1.0.1

1.0.1

FreeRADIUS 1.0.2

1.0.2

FreeRADIUS 1.0.3

1.0.3

FreeRADIUS 1.0.4

1.0.4

FreeRADIUS 1.0.5

1.0.5

FreeRADIUS 1.1.0

1.1.0

FreeRADIUS 1.1.1

1.1.1

FreeRADIUS 1.1.2

1.1.2

FreeRADIUS 1.1.3

1.1.3

FreeRADIUS 1.1.4

1.1.4

FreeRADIUS 1.1.5

1.1.5

FreeRADIUS 1.1.6

1.1.6

FreeRADIUS 1.1.7

1.1.7

FreeRADIUS 1.1.8

1.1.8

FreeRADIUS 2.0

2.0

FreeRADIUS 2.0.1

2.0.1

FreeRADIUS 2.0.2

2.0.2

FreeRADIUS 2.0.3

2.0.3

FreeRADIUS 2.0.4

2.0.4

FreeRADIUS 2.0.5

2.0.5

FreeRADIUS 2.1.0

2.1.0

FreeRADIUS 2.1.1

2.1.1

FreeRADIUS 2.1.2

2.1.2

FreeRADIUS 2.1.3

2.1.3

FreeRADIUS 2.1.4

2.1.4

FreeRADIUS 2.1.6

2.1.6

FreeRADIUS 2.1.7

2.1.7

FreeRADIUS 2.1.8

2.1.8

FreeRADIUS 2.1.9

2.1.9

FreeRADIUS 2.1.10

2.1.10

FreeRADIUS 2.1.11

2.1.11

FreeRADIUS 2.1.12

2.1.12

References

openSUSE-SU-2013:0137

openSUSE-SU-2013:0191

http://rhn.redhat.com/errata/RHBA-2012-0881.html

RHSA-2013:0134

Patch, Vendor Advisory

https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.