The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
14 Mar 2024, 19:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34 - Broken Link, Patch | |
CPE | cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:* cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:* |
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* |
07 Nov 2023, 02:10
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Jan 2023, 17:52
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian
Debian debian Linux |
|
CPE | cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:* cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:* cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:* cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:* cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:* |
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/49304 - Broken Link, Vendor Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html - Mailing List, Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT5501 - Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id?1026995 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=816956 - Issue Tracking, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/50718 - Broken Link, Vendor Advisory | |
References | (CONFIRM) http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34 - Vendor Advisory | |
References | (DEBIAN) http://www.debian.org/security/2012/dsa-2491 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html - Mailing List, Third Party Advisory | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html - Mailing List, Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 - Broken Link | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1037.html - Third Party Advisory |
Information
Published : 2012-07-05 14:55
Updated : 2024-03-14 19:59
NVD link : CVE-2012-2143
Mitre link : CVE-2012-2143
CVE.ORG link : CVE-2012-2143
JSON object : View
Products Affected
postgresql
- postgresql
php
- php
debian
- debian_linux
freebsd
- freebsd
CWE
CWE-310
Cryptographic Issues