Vulnerabilities > CVE-2011-4966 - Credentials Management vulnerability in Freeradius

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2122-1.NASL
    descriptionIt was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. (CVE-2011-4966) Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-2015). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-18
    modified2014-02-27
    plugin id72719
    published2014-02-27
    reporterUbuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72719
    titleUbuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : freeradius vulnerabilities (USN-2122-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-038.NASL
    descriptionUpdated freeradius packages fixes security vulnerabilities : It was found that the unix module ignored the password expiration setting in /etc/shadow. If FreeRADIUS was configured to use this module for user authentication, this flaw could allow users with an expired password to successfully authenticate, even though their access should have been denied (CVE-2011-4966). Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long not after timestamp in a client certificate (CVE-2012-3547).
    last seen2020-06-01
    modified2020-06-02
    plugin id66052
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66052
    titleMandriva Linux Security Advisory : freeradius (MDVSA-2013:038)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_FREERADIUS-SERVER-130122.NASL
    descriptionThis update for freeradius-server provides the following fixes and improvements : - Increase the vendor IDs limit from 32767 to 65535. (bnc#791666) - Fix issues with escaping special characters in password. (bnc#797515) - Respect expired passwords and accounts when using the unix module. (bnc#797313, CVE-2011-4966)
    last seen2020-06-05
    modified2013-02-28
    plugin id64925
    published2013-02-28
    reporterThis script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64925
    titleSuSE 11.2 Security Update : freeradius (SAT Patch Number 7255)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20130108_FREERADIUS2_ON_SL5_X.NASL
    descriptionIt was found that the
    last seen2020-03-18
    modified2013-01-17
    plugin id63593
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63593
    titleScientific Linux Security Update : freeradius2 on SL5.x i386/x86_64 (20130108)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2013-0134.NASL
    descriptionFrom Red Hat Security Advisory 2013:0134 : Updated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is an open source Remote Authentication Dial-In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id68705
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68705
    titleOracle Linux 5 : freeradius2 (ELSA-2013-0134)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2013-0134.NASL
    descriptionUpdated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is an open source Remote Authentication Dial-In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id63579
    published2013-01-17
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63579
    titleCentOS 5 : freeradius2 (CESA-2013:0134)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2013-37.NASL
    description - fix for CVE-2011-4966 (bnc#797313) (freeradius-server-CVE-2011-4966.patch) - fixed a bug in the logrotate script (bnc#797292)
    last seen2020-06-05
    modified2014-06-13
    plugin id74983
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74983
    titleopenSUSE Security Update : freeradius-server (openSUSE-SU-2013:0137-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2013-0134.NASL
    descriptionUpdated freeradius2 packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. FreeRADIUS is an open source Remote Authentication Dial-In User Service (RADIUS) server which allows RADIUS clients to perform authentication against the RADIUS server. The RADIUS server may optionally perform accounting of its operations using the RADIUS protocol. It was found that the
    last seen2020-06-01
    modified2020-06-02
    plugin id63415
    published2013-01-08
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63415
    titleRHEL 5 : freeradius2 (RHSA-2013:0134)

Redhat

advisories
  • bugzilla
    id810605
    titleSegfault with freeradius-perl threading
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • commentfreeradius-perl is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881001
          • commentfreeradius-perl is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881002
        • AND
          • commentfreeradius-utils is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881003
          • commentfreeradius-utils is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881004
        • AND
          • commentfreeradius-unixODBC is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881005
          • commentfreeradius-unixODBC is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881006
        • AND
          • commentfreeradius-postgresql is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881007
          • commentfreeradius-postgresql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881008
        • AND
          • commentfreeradius-krb5 is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881009
          • commentfreeradius-krb5 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881010
        • AND
          • commentfreeradius-python is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881011
          • commentfreeradius-python is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881012
        • AND
          • commentfreeradius-ldap is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881013
          • commentfreeradius-ldap is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881014
        • AND
          • commentfreeradius-mysql is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881015
          • commentfreeradius-mysql is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881016
        • AND
          • commentfreeradius is earlier than 0:2.1.12-3.el6
            ovaloval:com.redhat.rhba:tst:20120881017
          • commentfreeradius is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20120881018
    rhsa
    idRHBA-2012:0881
    released2012-06-19
    severityNone
    titleRHBA-2012:0881: freeradius bug fix and enhancement update (None)
  • bugzilla
    id879045
    titleCVE-2011-4966 freeradius: does not respect expired passwords when using the unix module
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commentfreeradius2-mysql is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134001
          • commentfreeradius2-mysql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327014
        • AND
          • commentfreeradius2-krb5 is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134003
          • commentfreeradius2-krb5 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327012
        • AND
          • commentfreeradius2-perl is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134005
          • commentfreeradius2-perl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327006
        • AND
          • commentfreeradius2-python is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134007
          • commentfreeradius2-python is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327016
        • AND
          • commentfreeradius2 is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134009
          • commentfreeradius2 is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327018
        • AND
          • commentfreeradius2-ldap is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134011
          • commentfreeradius2-ldap is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327010
        • AND
          • commentfreeradius2-utils is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134013
          • commentfreeradius2-utils is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327004
        • AND
          • commentfreeradius2-unixODBC is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134015
          • commentfreeradius2-unixODBC is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327008
        • AND
          • commentfreeradius2-postgresql is earlier than 0:2.1.12-5.el5
            ovaloval:com.redhat.rhsa:tst:20130134017
          • commentfreeradius2-postgresql is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20121327002
    rhsa
    idRHSA-2013:0134
    released2013-01-08
    severityLow
    titleRHSA-2013:0134: freeradius2 security and bug fix update (Low)
rpms
  • freeradius-0:2.1.12-3.el6
  • freeradius-debuginfo-0:2.1.12-3.el6
  • freeradius-krb5-0:2.1.12-3.el6
  • freeradius-ldap-0:2.1.12-3.el6
  • freeradius-mysql-0:2.1.12-3.el6
  • freeradius-perl-0:2.1.12-3.el6
  • freeradius-postgresql-0:2.1.12-3.el6
  • freeradius-python-0:2.1.12-3.el6
  • freeradius-unixODBC-0:2.1.12-3.el6
  • freeradius-utils-0:2.1.12-3.el6
  • freeradius2-0:2.1.12-5.el5
  • freeradius2-debuginfo-0:2.1.12-5.el5
  • freeradius2-krb5-0:2.1.12-5.el5
  • freeradius2-ldap-0:2.1.12-5.el5
  • freeradius2-mysql-0:2.1.12-5.el5
  • freeradius2-perl-0:2.1.12-5.el5
  • freeradius2-postgresql-0:2.1.12-5.el5
  • freeradius2-python-0:2.1.12-5.el5
  • freeradius2-unixODBC-0:2.1.12-5.el5
  • freeradius2-utils-0:2.1.12-5.el5