CVE-2012-2143

MEDIUM

Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

ID	Name	Product	Family	Severity
9097	PHP 5.3.x < 5.3.14 / 5.4.x < 5.4.4 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	high
74773	openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)	Nessus	SuSE Local Security Checks	medium
74769	openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1288-1)	Nessus	SuSE Local Security Checks	medium
74766	openSUSE Security Update : postgresql / postgresql-libs (openSUSE-SU-2012:1251-1)	Nessus	SuSE Local Security Checks	medium
74667	openSUSE Security Update : php5 (openSUSE-SU-2012:0826-1)	Nessus	SuSE Local Security Checks	medium
69702	Amazon Linux AMI : php (ALAS-2012-95)	Nessus	Amazon Linux Local Security Checks	high
69701	Amazon Linux AMI : postgresql8 (ALAS-2012-94)	Nessus	Amazon Linux Local Security Checks	medium
69698	Amazon Linux AMI : postgresql9 (ALAS-2012-91)	Nessus	Amazon Linux Local Security Checks	medium
68571	Oracle Linux 5 : php53 (ELSA-2012-1047)	Nessus	Oracle Linux Local Security Checks	high
68570	Oracle Linux 6 : php (ELSA-2012-1046)	Nessus	Oracle Linux Local Security Checks	high
68568	Oracle Linux 5 / 6 : postgresql / postgresql84 (ELSA-2012-1037)	Nessus	Oracle Linux Local Security Checks	medium
68567	Oracle Linux 5 : postgresql (ELSA-2012-1036)	Nessus	Oracle Linux Local Security Checks	medium
67089	CentOS 5 : php53 (CESA-2012:1047)	Nessus	CentOS Local Security Checks	high
6816	PostgreSQL < 8.3.19 / 8.4.12 / 9.0.8 / 9.1.4 Multiple Vulnerabilities	Nessus Network Monitor	Database	medium
64216	SuSE 11.1 Security Update : PostgreSQL (SAT Patch Number 6697)	Nessus	SuSE Local Security Checks	medium
64104	SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6440)	Nessus	SuSE Local Security Checks	high
63353	PostgreSQL 8.3 < 8.3.19 / 8.4 < 8.4.12 / 9.0 < 9.0.8 / 9.1 < 9.1.4 Multiple Vulnerabilities	Nessus	Databases	medium
62380	GLSA-201209-24 : PostgreSQL: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
62236	GLSA-201209-03 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
6584	Mac OS X 10.8 < 10.8.2 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
6583	Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities	Nessus Network Monitor	Generic	critical
62215	Mac OS X 10.8.x < 10.8.2 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	critical
62214	Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)	Nessus	MacOS X Local Security Checks	critical
62213	Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)	Nessus	MacOS X Local Security Checks	critical
61358	Scientific Linux Security Update : php on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
61356	Scientific Linux Security Update : php53 on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	high
61354	Scientific Linux Security Update : postgresql on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
61353	Scientific Linux Security Update : postgresql and postgresql84 on SL6.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
61352	Scientific Linux Security Update : postgresql and postgresql84 on SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
59938	CentOS 6 : php (CESA-2012:1046)	Nessus	CentOS Local Security Checks	high
59827	Fedora 16 : maniadrive-1.2-32.fc16.6 / php-5.3.14-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16.6 (2012-9762)	Nessus	Fedora Local Security Checks	high
59801	Fedora 17 : maniadrive-1.2-41.fc17 / php-5.4.4-1.fc17 (2012-9490)	Nessus	Fedora Local Security Checks	high
59769	Debian DSA-2491-1 : postgresql-8.4 - several vulnerabilities	Nessus	Debian Local Security Checks	medium
59753	RHEL 5 : php53 (RHSA-2012:1047)	Nessus	Red Hat Local Security Checks	high
59752	RHEL 6 : php (RHSA-2012:1046)	Nessus	Red Hat Local Security Checks	high
59746	FreeBSD : FreeBSD -- Incorrect crypt() hashing (185ff22e-c066-11e1-b5e0-000c299b62e1)	Nessus	FreeBSD Local Security Checks	medium
59719	CentOS 5 / 6 : postgresql / postgresql84 (CESA-2012:1037)	Nessus	CentOS Local Security Checks	medium
59712	RHEL 5 / 6 : postgresql and postgresql84 (RHSA-2012:1037)	Nessus	Red Hat Local Security Checks	medium
59711	RHEL 5 : postgresql (RHSA-2012:1036)	Nessus	Red Hat Local Security Checks	medium
59687	CentOS 5 : postgresql (CESA-2012:1036)	Nessus	CentOS Local Security Checks	medium
59603	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : php5 vulnerabilities (USN-1481-1)	Nessus	Ubuntu Local Security Checks	high
59539	Fedora 17 : postgresql-9.1.4-1.fc17 (2012-8924)	Nessus	Fedora Local Security Checks	medium
59538	Fedora 15 : postgresql-9.0.8-1.fc15 (2012-8915)	Nessus	Fedora Local Security Checks	medium
59534	Fedora 16 : postgresql-9.1.4-1.fc16 (2012-8893)	Nessus	Fedora Local Security Checks	medium
59530	PHP 5.4.x < 5.4.4 Multiple Vulnerabilities	Nessus	CGI abuses	high
59529	PHP 5.3.x < 5.3.14 Multiple Vulnerabilities	Nessus	CGI abuses	high
59519	Mandriva Linux Security Advisory : php (MDVSA-2012:093)	Nessus	Mandriva Local Security Checks	high
59518	Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)	Nessus	Mandriva Local Security Checks	medium
59385	Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : postgresql-8.3, postgresql-8.4, postgresql-9.1 vulnerabilities (USN-1461-1)	Nessus	Ubuntu Local Security Checks	medium
59314	FreeBSD : databases/postgresql*-server -- crypt vulnerabilities (a8864f8f-aa9e-11e1-a284-0023ae8e59f0)	Nessus	FreeBSD Local Security Checks	medium

CVE-2012-2143

Description

References

Details

Risk Information

CVSS v2.0