Synopsis: Low: freeradius2 security and bug fix update
Issue Date: 2013-01-08
CVE Numbers: CVE-2011-4966
It was found that the “unix” module ignored the password expiration setting in
“/etc/shadow”. If FreeRADIUS was configured to use this module for user
authentication, this flaw could allow users with an expired password to
successfully authenticate, even though their access should have been denied.
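To make concrete what the “unix” module was expected to enforce, the following is an added reference model of the shadow(5) aging and expiry rules that any authenticator consulting /etc/shadow has to apply before accepting a password. It is not FreeRADIUS code and not part of the advisory; the sample entries are constructed, and the check order and the “on or after” boundary convention are assumed here to follow shadow-utils’ isexpired() logic.

```python
import datetime

# Constructed sample /etc/shadow entries (not real accounts or hashes).
# Fields per shadow(5): login:hash:lastchg:min:max:warn:inactive:expire:reserved
# Day numbers are days since 1970-01-01.
SAMPLE_SHADOW = """\
alice:$6$constructed$notarealhash:15000:0:90:7:::
bob:$6$constructed$notarealhash:15000:0:90:7:14::
carol:$6$constructed$notarealhash:15000:0:99999:7::15100:
dave:$6$constructed$notarealhash:0:0:99999:7:::
erin:$6$constructed$notarealhash::0:99999:7:::
frank:$6$constructed$notarealhash:15150:0:90:7:::
"""


def days_since_epoch(day):
    """Convert a date to the day count used by /etc/shadow."""
    return (day - datetime.date(1970, 1, 1)).days


def _field(value):
    """Empty shadow fields mean 'not set'; everything else is an integer."""
    return int(value) if value != "" else None


def parse_shadow(text):
    """Parse shadow-format text into {login: {lastchg, max, inactive, expire}}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError("malformed shadow line: %r" % line)
        login, _hash, lastchg, _min, max_days, _warn, inactive, expire, _ = fields
        entries[login] = {
            "lastchg": _field(lastchg),
            "max": _field(max_days),
            "inactive": _field(inactive),
            "expire": _field(expire),
        }
    return entries


def expiry_status(entry, today):
    """Classify one entry on day `today` (days since epoch).

    Order and boundaries follow the shadow-utils isexpired() logic as
    assumed here: account expiry is checked first because it is the
    strongest condition, then the special lastchg values, then aging.
    """
    expire = entry["expire"]
    if expire is not None and expire > 0 and today >= expire:
        return "account_expired"        # hard expiry date reached
    lastchg = entry["lastchg"]
    if lastchg is None:
        return "ok"                     # empty lastchg: aging disabled
    if lastchg == 0:
        return "must_change"            # password change forced at next login
    max_days = entry["max"]
    if max_days is None or max_days < 0:
        return "ok"                     # no maximum age
    inactive = entry["inactive"]
    if inactive is not None and inactive >= 0 and today >= lastchg + max_days + inactive:
        return "inactive"               # expired and grace period exhausted
    if today >= lastchg + max_days:
        return "password_expired"       # past max age, still within grace period
    return "ok"


def audit(text, today):
    """Return {login: status} for every entry; anything but 'ok' must be refused
    (or forced through a password change) by an authenticator that honours /etc/shadow."""
    return {login: expiry_status(e, today) for login, e in parse_shadow(text).items()}


if __name__ == "__main__":
    for login, status in audit(SAMPLE_SHADOW, 15200).items():
        print("%-6s %s" % (login, status))
```

Run as a script it evaluates the constructed entries as of day 15200; against a real host you would feed it the contents of /etc/shadow and today’s day number from days_since_epoch(). Every status other than “ok” is a case where a module that ignores the aging fields would still have accepted a valid password.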
This update also fixes the following bugs:
* After log rotation, the freeradius logrotate script failed to reload the
radiusd daemon and log messages were lost. This update has added a command to
the freeradius logrotate script to reload the radiusd daemon and the radiusd
daemon re-initializes and reopens its log files after log rotation as expected.
* The radtest script with the “eap-md5” option failed because it passed the IP
family argument when invoking the radeapclient utility and the radeapclient
utility did not recognize the IP family. The radeapclient utility now
recognizes the IP family argument and radtest now works with eap-md5 as
* Previously, freeradius was compiled without the “--with-udpfromto” option.
Consequently, with a multihomed server and explicitly specifying the IP
address, freeradius sent the reply with the wrong IP source address. With this
update, freeradius has been built with the “--with-udpfromto” configuration
option and the RADIUS reply is always sourced from the IP address the request
was sent to.
* Due to invalid syntax in the PostgreSQL admin schema file, the FreeRADIUS
PostgreSQL tables failed to be created. With this update, the syntax has been
adjusted and the tables are created as expected.
* FreeRADIUS has a thread pool that dynamically grows based on load. If
multiple threads using the “rlm_perl()” function are spawned in quick
succession, the FreeRADIUS server sometimes terminated unexpectedly with a
segmentation fault due to parallel calls to the “rlm_perl_clone()” function.
With this update, a mutex for the threads has been added and the problem no
* The man page for “rlm_dbm_parser” was incorrectly installed as
“rlm_dbm_parse”, omitting the trailing “r”. The man page now correctly appears
They are also advised to check for RPM backup files ending in “.rpmnew” or
“.rpmsave” under the /etc/raddb/ directory after the update because the
FreeRADIUS server will attempt to load every file it finds in its configuration
directory. The extra files will often cause the wrong configuration values to
be applied resulting in either unpredictable behavior or the failure of the
server to initialize and run.
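The check described above can be scripted. The following is an added example, not code from the advisory or from the FreeRADIUS project: it walks a configuration directory, lists every “.rpmnew” or “.rpmsave” leftover the server would otherwise try to load, and names the live file each one belongs to. The demo tree and its file names are constructed placeholders; the root to scan on a real system is assumed to be /etc/raddb.

```python
import os
import tempfile

# Suffixes rpm leaves behind when a packaged config file conflicts with a
# locally modified one (the advisory names .rpmnew and .rpmsave).
STRAY_SUFFIXES = (".rpmnew", ".rpmsave")


def find_stray_config_files(root, suffixes=STRAY_SUFFIXES):
    """Walk `root` and return sorted paths of files FreeRADIUS would load but
    which are really package-manager leftovers."""
    stray = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(suffixes):
                stray.append(os.path.join(dirpath, name))
    return sorted(stray)


def live_counterpart(path):
    """Path of the configuration file the leftover belongs to (suffix stripped)."""
    for suffix in STRAY_SUFFIXES:
        if path.endswith(suffix):
            return path[: -len(suffix)]
    return path


def demo():
    """Build a constructed configuration tree in a temporary directory and
    return the leftovers found, relative to the tree root."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "modules"))
        for rel in ("radiusd.conf", "radiusd.conf.rpmnew", "clients.conf.rpmsave",
                    "modules/perl", "modules/perl.rpmnew"):
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("# constructed placeholder, not a real FreeRADIUS config\n")
        return [os.path.relpath(p, root) for p in find_stray_config_files(root)]


if __name__ == "__main__":
    # Against a real install: find_stray_config_files("/etc/raddb")
    for stray in demo():
        print("%s  (compare with %s)" % (stray, live_counterpart(stray)))
```

Each reported pair is a file to diff and merge by hand before the leftover is deleted or moved out of the directory; only then is it safe to restart radiusd.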
– Scientific Linux Development Team