CVE-2011-4966

Publication date 12 March 2013

Last updated 24 July 2024

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
freeradius	13.10 saucy	Not affected
	13.04 raring	Ignored end of life
	12.10 quantal	Fixed 2.1.12+dfsg-1.1ubuntu0.1
	12.04 LTS precise	Fixed 2.1.10+dfsg-3ubuntu0.12.04.2
	11.10 oneiric	Ignored end of life
	10.04 LTS lucid	Fixed 2.1.8+dfsg-1ubuntu1.1
	8.04 LTS hardy	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
freeradius	Upstream: 1b1ec5c

References

Related Ubuntu Security Notices (USN)

USN-2122-1
FreeRADIUS vulnerabilities
26 February 2014

Other references

https://www.cve.org/CVERecord?id=CVE-2011-4966