Novell Home

CVE-2011-4966

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2011-4966 at MITRE

Description

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 797313

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE 11 SP2 DEBUGINFO
  • freeradius-server-debuginfo >= 2.1.1-7.16.1
  • freeradius-server-debugsource >= 2.1.1-7.16.1
Builds
SAT Patch Nr: 7255
SUSE Linux Enterprise Software Development Kit 11 SP2
  • freeradius-server-devel >= 2.1.1-7.16.1
  • freeradius-server-libs >= 2.1.1-7.16.1
Builds
SAT Patch Nr: 7255
SUSE Linux Enterprise Software Development Kit 11 SP2
  • freeradius-server-devel >= 2.1.1-7.16.1
Builds
SAT Patch Nr: 7255
SUSE Linux Enterprise Server 11 SP2
SUSE Linux Enterprise Server 11 SP2 for VMware
  • freeradius-server >= 2.1.1-7.16.1
  • freeradius-server-dialupadmin >= 2.1.1-7.16.1
  • freeradius-server-doc >= 2.1.1-7.16.1
  • freeradius-server-libs >= 2.1.1-7.16.1
  • freeradius-server-utils >= 2.1.1-7.16.1
Builds
SAT Patch Nr: 7255

© 2014 Novell