Solution
Please Install the Updated Packages.
Insight
It was discovered that FreeRADIUS incorrectly handled unix authentication. A remote user could successfully authenticate with an expired password. (CVE-2011-4966)
Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap hash processing. An authenticated user could use this issue to cause FreeRADIUS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2014-2015)
Affected
freeradius on Ubuntu 13.10 ,
Ubuntu 12.10 ,
Ubuntu 12.04 LTS ,
Ubuntu 10.04 LTS
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-4966, CVE-2014-2015 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Ubuntu Update for base-files vulnerability USN-968-1
- Ubuntu Update for bash USN-2363-1
- Ubuntu Update for apturl, Epiphany, gecko-sharp, gnome-python-extras, liferea, rhythmbox, totem, ubufox, yelp update USN-930-2
- Ubuntu Update for clamav vulnerabilities USN-1031-1
- Ubuntu Update for devscripts USN-1593-1