Scientific Linux Security Update : freeradius2 on SL5.x i386/x86_64

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was found that the 'unix' module ignored the password expiration
setting in '/etc/shadow'. If FreeRADIUS was configured to use this
module for user authentication, this flaw could allow users with an
expired password to successfully authenticate, even though their
access should have been denied. (CVE-2011-4966)

This update also fixes the following bugs :

- After log rotation, the freeradius logrotate script
failed to reload the radiusd daemon and log messages
were lost. This update has added a command to the
freeradius logrotate script to reload the radiusd daemon
and the radiusd daemon re-initializes and reopens its
log files after log rotation as expected.

- The radtest script with the 'eap-md5' option failed
because it passed the IP family argument when invoking
the radeapclient utility and the radeapclient utility
did not recognize the IP family. The radeapclient
utility now recognizes the IP family argument and
radtest now works with eap-md5 as expected.

- Previously, freeradius was compiled without the
'--with-udpfromto' option. Consequently, with a
multihomed server and explicitly specifying the IP
address, freeradius sent the reply with the wrong IP
source address. With this update, freeradius has been
built with the '--with-udpfromto' configuration option
and the RADIUS reply is always sourced from the IP
address the request was sent to.

- Due to invalid syntax in the PostgreSQL admin schema
file, the FreeRADIUS PostgreSQL tables failed to be
created. With this update, the syntax has been adjusted
and the tables are created as expected.

- FreeRADIUS has a thread pool that dynamically grows
based on load. If multiple threads using the
'rlm_perl()' function are spawned in quick succession,
the FreeRADIUS server sometimes terminated unexpectedly
with a segmentation fault due to parallel calls to the
'rlm_perl_clone()' function. With this update, a mutex
for the threads has been added and the problem no longer
occurs.

- The man page for 'rlm_dbm_parser' was incorrectly
installed as 'rlm_dbm_parse', omitting the trailing 'r'.
The man page now correctly appears as rlm_dbm_parser.

They are also advised to check for RPM backup files ending in
'.rpmnew' or '.rpmsave' under the /etc/raddb/ directory after the
update because the FreeRADIUS server will attempt to load every file
it finds in its configuration directory. The extra files will often
cause the wrong configuration values to be applied resulting in either
unpredictable behavior or the failure of the server to initialize and
run.

See also :

http://www.nessus.org/u?8ce1589e

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 63593 ()

Bugtraq ID:

CVE ID: CVE-2011-4966