[opensuse-security] CVE-2011-4966
This CVE has been issued and a patch is available from Suse. But there's no more information. Do you have any data to share about FreeRADIUS security? Alan DeKok. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Mon, Jan 28, 2013 at 10:25:49AM -0500, Alan DeKok wrote:
This CVE has been issued and a patch is available from Suse. But there's no more information.
Do you have any data to share about FreeRADIUS security?
Sorry that our text was not informative here. https://bugzilla.novell.com/show_bug.cgi?id=797313 First comment specifies the vulnerability: " When FreeRADIUS is configured to use the 'unix' module and shadow passwords, the password expiration field is ignored. This could allow a user with an expired password to authenticate against FreeRADIUS. " Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (2)
-
Alan DeKok -
Marcus Meissner