ID CVE-2011-4966
Summary modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.
References
Vulnerable Configurations
  • cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.0.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:freeradius:freeradius:2.2.0:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 19-03-2013 - 12:35)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: SINGLE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 810605
    title Segfault with freeradius-perl threading
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment freeradius is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881005
        • comment freeradius is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881006
      • AND
        • comment freeradius-krb5 is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881015
        • comment freeradius-krb5 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881016
      • AND
        • comment freeradius-ldap is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881019
        • comment freeradius-ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881020
      • AND
        • comment freeradius-mysql is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881011
        • comment freeradius-mysql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881012
      • AND
        • comment freeradius-perl is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881013
        • comment freeradius-perl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881014
      • AND
        • comment freeradius-postgresql is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881021
        • comment freeradius-postgresql is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881022
      • AND
        • comment freeradius-python is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881017
        • comment freeradius-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881018
      • AND
        • comment freeradius-unixODBC is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881007
        • comment freeradius-unixODBC is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881008
      • AND
        • comment freeradius-utils is earlier than 0:2.1.12-3.el6
          oval oval:com.redhat.rhba:tst:20120881009
        • comment freeradius-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20120881010
    rhsa
    released 2012-06-19
    severity None
    title RHBA-2012:0881: freeradius bug fix and enhancement update (None)
  • bugzilla
    id 879045
    title CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment freeradius2 is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134002
        • comment freeradius2 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327003
      • AND
        • comment freeradius2-krb5 is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134006
        • comment freeradius2-krb5 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327009
      • AND
        • comment freeradius2-ldap is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134004
        • comment freeradius2-ldap is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327013
      • AND
        • comment freeradius2-mysql is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134014
        • comment freeradius2-mysql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327007
      • AND
        • comment freeradius2-perl is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134016
        • comment freeradius2-perl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327017
      • AND
        • comment freeradius2-postgresql is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134010
        • comment freeradius2-postgresql is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327019
      • AND
        • comment freeradius2-python is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134012
        • comment freeradius2-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327015
      • AND
        • comment freeradius2-unixODBC is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134008
        • comment freeradius2-unixODBC is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327011
      • AND
        • comment freeradius2-utils is earlier than 0:2.1.12-5.el5
          oval oval:com.redhat.rhsa:tst:20130134018
        • comment freeradius2-utils is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20121327005
    rhsa
    id RHSA-2013:0134
    released 2013-01-08
    severity Low
    title RHSA-2013:0134: freeradius2 security and bug fix update (Low)
rpms
  • freeradius-0:2.1.12-3.el6
  • freeradius-krb5-0:2.1.12-3.el6
  • freeradius-ldap-0:2.1.12-3.el6
  • freeradius-mysql-0:2.1.12-3.el6
  • freeradius-perl-0:2.1.12-3.el6
  • freeradius-postgresql-0:2.1.12-3.el6
  • freeradius-python-0:2.1.12-3.el6
  • freeradius-unixODBC-0:2.1.12-3.el6
  • freeradius-utils-0:2.1.12-3.el6
  • freeradius2-0:2.1.12-5.el5
  • freeradius2-krb5-0:2.1.12-5.el5
  • freeradius2-ldap-0:2.1.12-5.el5
  • freeradius2-mysql-0:2.1.12-5.el5
  • freeradius2-perl-0:2.1.12-5.el5
  • freeradius2-postgresql-0:2.1.12-5.el5
  • freeradius2-python-0:2.1.12-5.el5
  • freeradius2-unixODBC-0:2.1.12-5.el5
  • freeradius2-utils-0:2.1.12-5.el5
refmap via4
confirm https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605
misc http://rhn.redhat.com/errata/RHBA-2012-0881.html
suse
  • openSUSE-SU-2013:0137
  • openSUSE-SU-2013:0191
Last major update 19-03-2013 - 12:35
Published 12-03-2013 - 23:55