CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
High
EPSS
Percentile
81.7%
It was discovered that FreeRADIUS incorrectly handled unix authentication.
A remote user could successfully authenticate with an expired password.
(CVE-2011-4966)
Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap
hash processing. An authenticated user could use this issue to cause
FreeRADIUS to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases should
reduce the vulnerability to a denial of service. (CVE-2014-2015)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 13.10 | noarch | freeradius | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-dbg | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-iodbc | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-krb5 | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-ldap | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-mysql | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-postgresql | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | freeradius-utils | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libfreeradius-dev | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |
Ubuntu | 13.10 | noarch | libfreeradius2 | < 2.1.12+dfsg-1.2ubuntu5.1 | UNKNOWN |