CVE-2011-4966

Publication date 12 March 2013

Last updated 24 July 2024


Ubuntu priority

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

Status

Package Ubuntu Release Status
freeradius 13.10 saucy
Not affected
13.04 raring Ignored end of life
12.10 quantal
Fixed 2.1.12+dfsg-1.1ubuntu0.1
12.04 LTS precise
Fixed 2.1.10+dfsg-3ubuntu0.12.04.2
11.10 oneiric Ignored end of life
10.04 LTS lucid
Fixed 2.1.8+dfsg-1ubuntu1.1
8.04 LTS hardy Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
freeradius

References

Related Ubuntu Security Notices (USN)

    • USN-2122-1
    • FreeRADIUS vulnerabilities
    • 26 February 2014

Other references