Amazon Linux AMI : postgresql Hashing Vulnerability (ALAS-2011-12)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

The MITRE CVE database describes CVE-2011-2483 as :

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain
platforms, PostgreSQL before 8.4.9, and other products, does not
properly handle 8-bit characters, which makes it easier for
context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash.

A signedness issue was found in the way the crypt() function in the
PostgreSQL pgcrypto module handled 8-bit characters in passwords when
using Blowfish hashing. Up to three characters immediately preceding a
non-ASCII character (one with the high bit set) had no effect on the
hash result, thus shortening the effective password length. This made
brute-force guessing more efficient as several different passwords
were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some
users may not be able to log in to applications that store user
passwords, hashed with Blowfish using the PostgreSQL crypt() function,
in a back-end PostgreSQL database. Unsafe processing can be re-enabled
for specific passwords (allowing affected users to log in) by changing
their hash prefix to '$2x$'.

See also :

http://www.nessus.org/u?7ecb6503

Solution :

Run 'yum upgrade postgresql*' to upgrade your system.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69571 ()

Bugtraq ID:

CVE ID: CVE-2011-2483