FreeBSD : databases/postgresql*-server -- crypt vulnerabilities (a8864f8f-aa9e-11e1-a284-0023ae8e59f0)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The PostgreSQL Global Development Group reports :

Today the PHP, OpenBSD and FreeBSD communities announced updates to
patch a security hole involving their crypt() hashing algorithms. This
issue is described in CVE-2012-2143. This vulnerability also affects a
minority of PostgreSQL users, and will be fixed in an update release
on June 4, 2012.

Affected users are those who use the crypt(text, text) function with
DES encryption in the optional pg_crypto module. Passwords affected
are those that contain characters that cannot be represented with
7-bit ASCII. If a password contains a character that has the most
significant bit set (0x80), and DES encryption is used, that character
and all characters after it will be ignored.

See also :

http://www.postgresql.org/about/news/1397/
http://www.nessus.org/u?51256ba9
http://www.nessus.org/u?aaa75e0f

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 59314

Bugtraq ID:

CVE ID: CVE-2012-2143
