ID CVE-2011-4966
Summary modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
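Added example (not FreeRADIUS code and not the fix commit linked below): the shadow(5) ageing rules an authenticator has to apply after the hash matches, as a stand-alone C program over a single /etc/shadow line. The pre-2.2.0 rlm_unix path described in the summary stopped at the hash comparison, so every state below other than OK still authenticated. The sample lines, placeholder hashes and the fixed "today" value are constructed for the demonstration; the rule order (account expiry, forced change, inactivity, password age, with a max age of 10000 days or more meaning no ageing) follows shadow-utils, not anything on this page.

```c
/*
 * Added example, not FreeRADIUS code: shadow(5) ageing checks over one
 * /etc/shadow line.  Build: cc -std=c99 -Wall shadow_expiry.c
 * Field layout:  name:hash:lastchg:min:max:warn:inact:expire:flag
 * Day fields count days since 1970-01-01; an empty field means "not set".
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

enum shadow_state {
    SHADOW_OK = 0,
    SHADOW_ACCOUNT_EXPIRED,  /* expire date set and reached               */
    SHADOW_CHANGE_REQUIRED,  /* lastchg == 0: change forced at next login  */
    SHADOW_INACTIVE,         /* lastchg + max + inact reached              */
    SHADOW_PASSWORD_EXPIRED, /* lastchg + max reached                      */
    SHADOW_PARSE_ERROR
};

struct shadow_entry {
    char name[64];
    long lastchg, min, max, warn, inact, expire; /* -1 when the field is empty */
};

/* Parse one shadow line into e. Returns 0 on success, -1 if malformed. */
static int parse_shadow_line(const char *line, struct shadow_entry *e)
{
    char buf[512];
    char *fields[9];
    long *days[6] = { &e->lastchg, &e->min, &e->max,
                      &e->warn, &e->inact, &e->expire };
    int nf = 0;

    if (strlen(line) >= sizeof(buf)) return -1;
    strcpy(buf, line);
    buf[strcspn(buf, "\r\n")] = '\0';

    /* Split on ':' by hand: strtok() would collapse empty fields and
     * shift every column that follows them. */
    char *p = buf;
    while (nf < 9) {
        char *colon = strchr(p, ':');
        fields[nf++] = p;
        if (colon == NULL) break;
        *colon = '\0';
        p = colon + 1;
    }
    if (nf < 8) return -1;

    snprintf(e->name, sizeof(e->name), "%s", fields[0]);
    for (int i = 0; i < 6; i++) {
        const char *f = fields[2 + i];
        char *end;
        if (*f == '\0') { *days[i] = -1; continue; }
        long v = strtol(f, &end, 10);
        if (*end != '\0' || v < 0) return -1;
        *days[i] = v;
    }
    return 0;
}

/* Evaluate the ageing fields for `today` (days since the epoch).  Rule order
 * follows shadow-utils (login/pam_unix); a max of >= 10000 days means never.
 * The vulnerable rlm_unix compared only the hash and never reached these. */
static enum shadow_state shadow_check(const struct shadow_entry *e, long today)
{
    if (e->expire > 0 && today >= e->expire)
        return SHADOW_ACCOUNT_EXPIRED;
    if (e->lastchg == 0)
        return SHADOW_CHANGE_REQUIRED;
    if (e->lastchg > 0 && e->max >= 0 && e->inact >= 0 &&
        today >= e->lastchg + e->max + e->inact)
        return SHADOW_INACTIVE;
    if (e->lastchg < 0 || e->max < 0 || e->max >= 10000)
        return SHADOW_OK;
    if (today >= e->lastchg + e->max)
        return SHADOW_PASSWORD_EXPIRED;
    return SHADOW_OK;
}

/* Parse and check in one call; malformed input is rejected, not accepted. */
static enum shadow_state shadow_line_state(const char *line, long today)
{
    struct shadow_entry e;
    if (parse_shadow_line(line, &e) != 0) return SHADOW_PARSE_ERROR;
    return shadow_check(&e, today);
}

static long days_since_epoch_now(void) { return (long)(time(NULL) / 86400); }

int main(void)
{
    /* Constructed sample entries; the hashes are placeholders. */
    static const char *samples[] = {
        "alice:$6$salt$hash:15000:0:90:7:::",       /* 90-day max age          */
        "bob:$6$salt$hash:15000:0:99999:7::16000:", /* account expires day 16000 */
        "carol:$6$salt$hash:0:0:99999:7:::",        /* change at next login    */
        "dave:$6$salt$hash:15000:0:30:7:10::",      /* 30 days + 10 inactive   */
    };
    static const char *names[] = { "ok", "account-expired", "change-required",
                                   "inactive", "password-expired", "parse-error" };
    long today = 15100; /* fixed so the output is reproducible */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-44s day %ld -> %s\n", samples[i], today,
               names[shadow_line_state(samples[i], today)]);
    printf("(real today is day %ld)\n", days_since_epoch_now());
    return 0;
}
```

Only a return of SHADOW_OK should let the request proceed; treating a parse error as a reject (rather than falling through to the hash check) is the fail-closed choice the original module lacked.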
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
CVSS (v2)
Base: 6.0 (as of 19-03-2013 - 12:35)
Impact: 6.4
Exploitability: 6.8
CWE CWE-255 (Credentials Management Errors)
CAPEC
Access
  Vector: NETWORK   Complexity: MEDIUM   Authentication: SINGLE
Impact
  Confidentiality: PARTIAL   Integrity: PARTIAL   Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 810605
    title Segfault with freeradius-perl threading
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment freeradius is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881001
          • comment freeradius is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881002
        • AND
          • comment freeradius-krb5 is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881003
          • comment freeradius-krb5 is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881004
        • AND
          • comment freeradius-ldap is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881005
          • comment freeradius-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881006
        • AND
          • comment freeradius-mysql is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881007
          • comment freeradius-mysql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881008
        • AND
          • comment freeradius-perl is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881009
          • comment freeradius-perl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881010
        • AND
          • comment freeradius-postgresql is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881011
          • comment freeradius-postgresql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881012
        • AND
          • comment freeradius-python is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881013
          • comment freeradius-python is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881014
        • AND
          • comment freeradius-unixODBC is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881015
          • comment freeradius-unixODBC is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881016
        • AND
          • comment freeradius-utils is earlier than 0:2.1.12-3.el6
            oval oval:com.redhat.rhba:tst:20120881017
          • comment freeradius-utils is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhba:tst:20120881018
    rhsa
    id RHBA-2012:0881
    released 2012-06-20
    severity Low
    title RHBA-2012:0881: freeradius bug fix and enhancement update (Low)
  • bugzilla
    id 879045
    title CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • comment freeradius2 is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134001
          • comment freeradius2 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327002
        • AND
          • comment freeradius2-krb5 is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134003
          • comment freeradius2-krb5 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327004
        • AND
          • comment freeradius2-ldap is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134005
          • comment freeradius2-ldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327006
        • AND
          • comment freeradius2-mysql is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134007
          • comment freeradius2-mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327008
        • AND
          • comment freeradius2-perl is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134009
          • comment freeradius2-perl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327010
        • AND
          • comment freeradius2-postgresql is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134011
          • comment freeradius2-postgresql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327012
        • AND
          • comment freeradius2-python is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134013
          • comment freeradius2-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327014
        • AND
          • comment freeradius2-unixODBC is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134015
          • comment freeradius2-unixODBC is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327016
        • AND
          • comment freeradius2-utils is earlier than 0:2.1.12-5.el5
            oval oval:com.redhat.rhsa:tst:20130134017
          • comment freeradius2-utils is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20121327018
    rhsa
    id RHSA-2013:0134
    released 2013-01-08
    severity Low
    title RHSA-2013:0134: freeradius2 security and bug fix update (Low)
rpms
  • freeradius-0:2.1.12-3.el6
  • freeradius-debuginfo-0:2.1.12-3.el6
  • freeradius-krb5-0:2.1.12-3.el6
  • freeradius-ldap-0:2.1.12-3.el6
  • freeradius-mysql-0:2.1.12-3.el6
  • freeradius-perl-0:2.1.12-3.el6
  • freeradius-postgresql-0:2.1.12-3.el6
  • freeradius-python-0:2.1.12-3.el6
  • freeradius-unixODBC-0:2.1.12-3.el6
  • freeradius-utils-0:2.1.12-3.el6
  • freeradius2-0:2.1.12-5.el5
  • freeradius2-debuginfo-0:2.1.12-5.el5
  • freeradius2-krb5-0:2.1.12-5.el5
  • freeradius2-ldap-0:2.1.12-5.el5
  • freeradius2-mysql-0:2.1.12-5.el5
  • freeradius2-perl-0:2.1.12-5.el5
  • freeradius2-postgresql-0:2.1.12-5.el5
  • freeradius2-python-0:2.1.12-5.el5
  • freeradius2-unixODBC-0:2.1.12-5.el5
  • freeradius2-utils-0:2.1.12-5.el5
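Added example (not Red Hat's or rpm's code): how the OVAL criteria above, such as "freeradius is earlier than 0:2.1.12-3.el6", resolve against an installed package, as a C implementation of epoch:version-release comparison using rpmvercmp's segment rules (digit runs compare numerically, alphabetic runs compare as strings, '~' sorts before anything, other characters only separate segments). The two fixed EVRs are the ones the advisories above list; the installed values in main() are constructed, and the "signed with Red Hat key" criteria are not modelled. A plain string comparison gets release 11 versus 3 wrong, which is why the segment rules matter.

```c
/*
 * Added example, not Red Hat's or rpm's code: compare an installed
 * "[epoch:]version-release" against the fixed EVR from an advisory.
 * Build: cc -std=c99 -Wall evr_check.c
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* rpmvercmp-style segment comparison of two version or release strings.
 * Returns -1 (a older), 0 (equal) or 1 (a newer). */
static int segment_compare(const char *a, const char *b)
{
    while (*a || *b) {
        while (*a && !isalnum((unsigned char)*a) && *a != '~') a++;
        while (*b && !isalnum((unsigned char)*b) && *b != '~') b++;

        /* '~' sorts before everything, including the end of the string */
        if (*a == '~' || *b == '~') {
            if (*a != '~') return 1;
            if (*b != '~') return -1;
            a++; b++;
            continue;
        }
        if (!*a || !*b) break;

        const char *sa = a, *sb = b;
        int isnum = isdigit((unsigned char)*a) != 0;
        if (isnum) {
            while (isdigit((unsigned char)*a)) a++;
            while (isdigit((unsigned char)*b)) b++;
        } else {
            while (isalpha((unsigned char)*a)) a++;
            while (isalpha((unsigned char)*b)) b++;
        }
        /* Segments of different kind: the numeric one is newer */
        if (b == sb) return isnum ? 1 : -1;

        size_t la = (size_t)(a - sa), lb = (size_t)(b - sb);
        if (isnum) { /* drop leading zeros, then longer number is larger */
            while (la > 1 && *sa == '0') { sa++; la--; }
            while (lb > 1 && *sb == '0') { sb++; lb--; }
            if (la != lb) return la > lb ? 1 : -1;
        }
        int rc = strncmp(sa, sb, la < lb ? la : lb);
        if (rc == 0 && la != lb) rc = la > lb ? 1 : -1;
        if (rc != 0) return rc > 0 ? 1 : -1;
    }
    if (!*a && !*b) return 0;
    return *a ? 1 : -1; /* whatever still has segments left is newer */
}

struct evr { long epoch; char version[64]; char release[64]; };

/* Parse "[epoch:]version-release"; epoch defaults to 0. Returns 0 or -1. */
static int parse_evr(const char *s, struct evr *out)
{
    const char *colon = strchr(s, ':');
    out->epoch = 0;
    if (colon) {
        char *end;
        out->epoch = strtol(s, &end, 10);
        if (end != colon || out->epoch < 0) return -1;
        s = colon + 1;
    }
    const char *dash = strrchr(s, '-');
    if (!dash || dash == s || dash[1] == '\0') return -1;
    size_t vlen = (size_t)(dash - s);
    if (vlen >= sizeof(out->version) || strlen(dash + 1) >= sizeof(out->release))
        return -1;
    memcpy(out->version, s, vlen);
    out->version[vlen] = '\0';
    strcpy(out->release, dash + 1);
    return 0;
}

static int evr_compare(const struct evr *a, const struct evr *b)
{
    if (a->epoch != b->epoch) return a->epoch > b->epoch ? 1 : -1;
    int rc = segment_compare(a->version, b->version);
    return rc ? rc : segment_compare(a->release, b->release);
}

/* OVAL "is earlier than": 1 = installed < fixed (vulnerable), 0 = not earlier,
 * -1 = unparsable input (report it rather than silently treating as fixed). */
static int is_earlier_than(const char *installed, const char *fixed)
{
    struct evr a, b;
    if (parse_evr(installed, &a) != 0 || parse_evr(fixed, &b) != 0) return -1;
    return evr_compare(&a, &b) < 0;
}

int main(void)
{
    /* Fixed EVRs come from the RHEL 6 / RHEL 5 advisories; installed values
     * are constructed for the demonstration. */
    static const struct { const char *installed, *fixed; } cases[] = {
        { "0:2.1.12-2.el6",  "0:2.1.12-3.el6" },
        { "0:2.1.12-3.el6",  "0:2.1.12-3.el6" },
        { "0:2.1.12-11.el6", "0:2.1.12-3.el6" }, /* string compare would say older */
        { "0:2.1.10-5.el6",  "0:2.1.12-3.el6" },
        { "0:2.1.12-4.el5",  "0:2.1.12-5.el5" },
        { "1:2.0.5-1.el6",   "0:2.1.12-3.el6" }, /* epoch wins over version  */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int rc = is_earlier_than(cases[i].installed, cases[i].fixed);
        printf("%-16s vs fixed %-16s -> %s\n", cases[i].installed, cases[i].fixed,
               rc < 0 ? "parse error" : rc ? "VULNERABLE (earlier)" : "fixed or newer");
    }
    return 0;
}
```

The input is the EVR part of the NEVR strings listed under rpms (for example "0:2.1.12-3.el6" from "freeradius-0:2.1.12-3.el6"); on a live host the same string comes from `rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' freeradius`, with "(none)" for a missing epoch to be treated as 0.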
refmap via4
confirm https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605
misc http://rhn.redhat.com/errata/RHBA-2012-0881.html
suse
  • openSUSE-SU-2013:0137
  • openSUSE-SU-2013:0191
Last major update 19-03-2013 - 12:35
Published 12-03-2013 - 23:55
Last modified 19-03-2013 - 12:35