Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
It was discovered that FreeRADIUS incorrectly handled unix
authentication. A remote user could successfully authenticate with an
expired password. (CVE-2011-4966)
Pierre Carrier discovered that FreeRADIUS incorrectly handled rlm_pap
hash processing. An authenticated user could use this issue to cause
FreeRADIUS to crash, resulting in a denial of service, or possibly
execute arbitrary code. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
Update the affected freeradius package.
Risk factor :
Medium / CVSS Base Score : 6.0