Vulnerability CVE-2011-4966

Vulnerability Name:

CVE-2011-4966 (CCN-81715)

Assigned:

2011-11-14

Published:

2011-11-14

Updated:

2013-03-19

Summary:

modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode is enabled for user authentication, does not properly check the password expiration in /etc/shadow, which allows remote authenticated users to authenticate using an expired password.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.1 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N)
1.6 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-255

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2011-4966

Source: CCN
Type: FreeRADIUS Web site
FreeRADIUS: The world's most popular RADIUS Server

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0137

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0191

Source: MISC
Type: UNKNOWN
http://rhn.redhat.com/errata/RHBA-2012-0881.html

Source: CCN
Type: RHSA-2013-0134
Low: freeradius2 security and bug fix update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2013:0134

Source: CCN
Type: BID-57177
FreeRADIUS CVE-2011-4966 Authentication Bypass Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 879045
CVE-2011-4966 freeradius: does not respect expired passwords when using the unix module

Source: XF
Type: UNKNOWN
freeradius-expiredpasswords-auth-bypass(81715)

Source: CONFIRM
Type: UNKNOWN
https://github.com/alandekok/freeradius-server/commit/1b1ec5ce75e224bd1755650c18ccdaa6dc53e605

Vulnerable Configuration:

Configuration 1:

cpe:/a:freeradius:freeradius:*:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.4:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.5:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.6:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.7:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.7.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.8:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.8.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.9:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.9.0:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.9.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.9.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:0.9.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.0:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.4:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.0.5:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.4:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.5:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.6:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.7:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:1.1.8:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.0.5:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.0:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.10:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.11:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:2.1.12:*:*:*:*:*:*:*

OR cpe:/a:freeradius:freeradius:*:*:*:*:*:*:*:* (Version <= 2.2.0)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:freeradius:freeradius:2.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:42305	P	Security update for salt (Important)	2022-06-24
oval:org.opensuse.security:def:20114966	V	CVE-2011-4966	2022-05-20
oval:org.opensuse.security:def:26224	P	Security update for libvirt (Important)	2022-01-05
oval:org.opensuse.security:def:33063	P	Security update for xorg-x11-server (Important)	2021-12-14
oval:org.opensuse.security:def:26180	P	Security update for php74 (Moderate)	2021-12-06
oval:org.opensuse.security:def:26179	P	Security update for gmp (Moderate)	2021-12-02
oval:org.opensuse.security:def:33051	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:33052	P	Security update for openexr (Moderate)	2021-12-01
oval:org.opensuse.security:def:26167	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:26168	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:26166	P	Security update for php74 (Moderate)	2021-11-18
oval:org.opensuse.security:def:33731	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:32204	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:34565	P	Security update for iproute2 (Moderate)	2021-10-18
oval:org.opensuse.security:def:32185	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:31680	P	Security update for transfig (Moderate)	2021-09-16
oval:org.opensuse.security:def:26127	P	Security update for postgresql12 (Moderate)	2021-09-16
oval:org.opensuse.security:def:34525	P	Security update for gstreamer-plugins-good (Moderate)	2021-09-02
oval:org.opensuse.security:def:31675	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:26103	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:26078	P	Security update for libxml2 (Moderate)	2021-06-18
oval:org.opensuse.security:def:33674	P	Security update for webkit2gtk3 (Important)	2021-06-17
oval:org.opensuse.security:def:32119	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:42535	P	freeradius-server-2.1.1-7.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36128	P	freeradius-server-2.1.1-7.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36404	P	freeradius-server-devel-2.1.1-7.18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32080	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26029	P	Security update for the Linux Kernel (Important)	2021-04-15
oval:org.opensuse.security:def:31606	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:26025	P	Security update for openexr (Moderate)	2021-04-07
oval:org.opensuse.security:def:31366	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:31365	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:29481	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33780	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:33091	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31732	P	Security update for krb5-appl (Important)	2021-02-19
oval:org.opensuse.security:def:32260	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:26157	P	Security update for the Linux Kernel (Important)	2021-02-09
oval:org.opensuse.security:def:32141	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:29396	P	Security update for sudo (Important)	2021-01-27
oval:org.opensuse.security:def:32823	P	Security update for postgresql12 (Important)	2020-12-04
oval:org.opensuse.security:def:35898	P	freeradius-server-2.1.1-7.16.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32031	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31594	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31812	P	Security update for apache2 (Important)	2020-12-01
oval:org.opensuse.security:def:32370	P	Recommended update for tboot (Moderate)	2020-12-01
oval:org.opensuse.security:def:33142	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33517	P	Security update for quagga	2020-12-01
oval:org.opensuse.security:def:33819	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25524	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25874	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:27126	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25689	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26019	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26356	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27091	P	bind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25954	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26238	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26583	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26729	P	krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26371	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26744	P	libexif on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26899	P	fuse on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29122	P	Security update for java-1_7_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:29776	P	Security update for gnuplot (Moderate)	2020-12-01
oval:org.opensuse.security:def:32862	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31377	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:31904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:32414	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:33277	P	unrar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33843	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25448	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25652	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:25753	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26395	P	Security update for MozillaThunderbird (Important)	2020-12-01
oval:org.opensuse.security:def:27402	P	freeradius-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25965	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:26295	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:26632	P	puppet on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27367	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26452	P	Security update for phpMyAdmin (Moderate)	2020-12-01
oval:org.opensuse.security:def:26797	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26943	P	libcap-progs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29041	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29253	P	Security update for tcpdump (Important)	2020-12-01
oval:org.opensuse.security:def:29634	P	Security update for clamav (Moderate)	2020-12-01
oval:org.opensuse.security:def:29794	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:31451	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31819	P	Security update for augeas (Moderate)	2020-12-01
oval:org.opensuse.security:def:31961	P	Security update for guile (Low)	2020-12-01
oval:org.opensuse.security:def:32309	P	Security update for quagga (Moderate)	2020-12-01
oval:org.opensuse.security:def:33372	P	Security update for IBM Java 1.4.2	2020-12-01
oval:org.opensuse.security:def:33887	P	Security update for kdebase4-runtime	2020-12-01
oval:org.opensuse.security:def:25449	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25733	P	Security update for mgetty (Moderate)	2020-12-01
oval:org.opensuse.security:def:25677	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:25881	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26254	P	Security update for dia (Moderate)	2020-12-01
oval:org.opensuse.security:def:26409	P	Security update for lame (Important)	2020-12-01
oval:org.opensuse.security:def:26379	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:26671	P	apache2-mod_php53 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27616	P	Security update for freeradius	2020-12-01
oval:org.opensuse.security:def:26509	P	Security update for cacti, cacti-spine (Moderate)	2020-12-01
oval:org.opensuse.security:def:26846	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27581	P	xorg-x11-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29042	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:29339	P	Security update for SUSE Manager Client Tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:29688	P	Security update for evince (Moderate)	2020-12-01
oval:org.opensuse.security:def:29838	P	Security update for kdelibs4	2020-12-01
oval:org.opensuse.security:def:31583	P	Recommended update for tboot (Moderate)	2020-12-01
oval:org.opensuse.security:def:31975	P	Security update for jasper (Important)	2020-12-01
oval:org.opensuse.security:def:32048	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:32348	P	Security update for sqlite3 (Important)	2020-12-01
oval:org.opensuse.security:def:33429	P	Security update for cpio	2020-12-01
oval:org.opensuse.security:def:26897	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25460	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25790	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26862	P	apache2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25678	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25962	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26307	P	Security update for conntrack-tools (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26530	P	clamav on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26685	P	dhcp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26243	P	Security update for libpcap (Important)	2020-12-01
oval:org.opensuse.security:def:26593	P	libnetpbm10 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26885	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30513	P	Security update for freeradius	2020-12-01
oval:org.opensuse.security:def:29053	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29737	P	Security update for freetype2	2020-12-01
oval:org.opensuse.security:def:30476	P	Security update for bind (Important)	2020-12-01
oval:org.mitre.oval:def:26162	P	SUSE-SU-2013:0356-1 -- Security update for freeradius	2014-09-08
oval:org.mitre.oval:def:24409	P	USN-2122-1 -- freeradius vulnerabilities	2014-06-30
oval:org.mitre.oval:def:23215	P	ELSA-2013:0134: freeradius2 security and bug fix update (Low)	2014-05-26
oval:org.mitre.oval:def:20824	P	RHSA-2013:0134: freeradius2 security and bug fix update (Low)	2014-02-17
oval:com.ubuntu.precise:def:20114966000	V	CVE-2011-4966 on Ubuntu 12.04 LTS (precise) - low.	2013-03-12
oval:com.redhat.rhsa:def:20130134	P	RHSA-2013:0134: freeradius2 security and bug fix update (Low)	2013-01-08
oval:com.redhat.rhba:def:20120881	P	RHBA-2012:0881: freeradius bug fix and enhancement update (Low)	2012-06-20

BACK