4.3

CVE-2012-2143

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 8.3 < 8.3.19
PostgresqlPostgresql Version >= 8.4 < 8.4.12
PostgresqlPostgresql Version >= 9.0 < 9.0.8
PostgresqlPostgresql Version >= 9.1 < 9.1.4
FreebsdFreebsd Version <= 9.0
FreebsdFreebsd Version1.0
FreebsdFreebsd Version1.1
FreebsdFreebsd Version1.1.5
FreebsdFreebsd Version1.1.5.1
FreebsdFreebsd Version2.0
FreebsdFreebsd Version2.0.5
FreebsdFreebsd Version2.1
FreebsdFreebsd Version2.1.5
FreebsdFreebsd Version2.1.6
FreebsdFreebsd Version2.1.7
FreebsdFreebsd Version2.2
FreebsdFreebsd Version2.2.1
FreebsdFreebsd Version2.2.2
FreebsdFreebsd Version2.2.5
FreebsdFreebsd Version2.2.6
FreebsdFreebsd Version2.2.7
FreebsdFreebsd Version2.2.8
FreebsdFreebsd Version3.0
FreebsdFreebsd Version3.1
FreebsdFreebsd Version3.2
FreebsdFreebsd Version3.3
FreebsdFreebsd Version3.4
FreebsdFreebsd Version3.5
FreebsdFreebsd Version4.0
FreebsdFreebsd Version4.1
FreebsdFreebsd Version4.1.1
FreebsdFreebsd Version4.2
FreebsdFreebsd Version4.3
FreebsdFreebsd Version4.4
FreebsdFreebsd Version4.5
FreebsdFreebsd Version4.6
FreebsdFreebsd Version4.6.2
FreebsdFreebsd Version4.7
FreebsdFreebsd Version4.8
FreebsdFreebsd Version4.9
FreebsdFreebsd Version4.10
FreebsdFreebsd Version4.11
FreebsdFreebsd Version5.0
FreebsdFreebsd Version5.1
FreebsdFreebsd Version5.2
FreebsdFreebsd Version5.2.1
FreebsdFreebsd Version5.3
FreebsdFreebsd Version5.4
FreebsdFreebsd Version5.5
FreebsdFreebsd Version6.0
FreebsdFreebsd Version6.1
FreebsdFreebsd Version6.2
FreebsdFreebsd Version6.3
FreebsdFreebsd Version6.4
FreebsdFreebsd Version7.0
FreebsdFreebsd Version7.1
FreebsdFreebsd Version7.2
FreebsdFreebsd Version7.3
FreebsdFreebsd Version7.4
FreebsdFreebsd Version8.0
FreebsdFreebsd Version8.1
FreebsdFreebsd Version8.2
FreebsdFreebsd Version8.3
PhpPhp Version < 5.3.14
PhpPhp Version >= 5.4.0 < 5.4.4
DebianDebian Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.73% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT5501
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
Third Party Advisory
Mailing List
http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34
Patch
Broken Link
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Third Party Advisory
Mailing List
http://rhn.redhat.com/errata/RHSA-2012-1037.html
Third Party Advisory
http://secunia.com/advisories/49304
Vendor Advisory
Broken Link
http://secunia.com/advisories/50718
Vendor Advisory
Broken Link
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
Vendor Advisory
http://www.debian.org/security/2012/dsa-2491
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
Broken Link
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
Vendor Advisory
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
Vendor Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
Vendor Advisory
http://www.postgresql.org/support/security/
Vendor Advisory
http://www.securitytracker.com/id?1026995
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=816956
Third Party Advisory
Issue Tracking