FreeBSD : databases/postgresql*-server -- crypt vulnerabilities (a8864f8f-aa9e-11e1-a284-0023ae8e59f0)
Medium Nessus Plugin ID 59314
Synopsis: The remote FreeBSD host is missing one or more security-related updates.
Description: The PostgreSQL Global Development Group reports:
Today the PHP, OpenBSD and FreeBSD communities announced updates to patch a security hole involving their crypt() hashing algorithms. This issue is described in CVE-2012-2143. This vulnerability also affects a minority of PostgreSQL users, and will be fixed in an update release on June 4, 2012.
Affected users are those who use the crypt(text, text) function with DES encryption in the optional pg_crypto module. Passwords affected are those that contain characters that cannot be represented with 7-bit ASCII. If a password contains a character that has the most significant bit set (0x80), and DES encryption is used, that character and all characters after it will be ignored.
Solution: Update the affected packages.
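An added triage example, not part of the advisory or of PostgreSQL's code: it classifies stored `crypt()` hashes by format to find DES-based ones, and checks a password at login time for bytes with the high bit set, following the advisory's description. The function names and sample rows are constructed for illustration, and treating extended DES (`_` prefix) as in scope alongside traditional DES is a conservative assumption.

```python
import re

_B64 = r"[./0-9A-Za-z]"  # crypt(3) base-64 alphabet
# Hash formats produced by crypt(); only DES-based ones concern this advisory.
SCHEMES = [
    ("des",  re.compile(rf"^{_B64}{{13}}$")),   # 2-char salt + 11-char hash
    ("xdes", re.compile(rf"^_{_B64}{{19}}$")),  # '_' + 4 count + 4 salt + 11 hash
    ("md5",  re.compile(r"^\$1\$")),
    ("bf",   re.compile(r"^\$2[a-z]?\$")),
]
DES_BASED = {"des", "xdes"}  # assumption: xdes handled like des (conservative)

def classify(stored_hash):
    """Return the crypt() scheme name for a stored hash string."""
    for name, rx in SCHEMES:
        if rx.match(stored_hash):
            return name
    return "unknown"

def first_high_bit_byte(password, encoding="utf-8"):
    """Offset of the first byte with bit 0x80 set, or None if 7-bit ASCII."""
    for i, b in enumerate(password.encode(encoding)):
        if b & 0x80:
            return i
    return None

def needs_rehash(stored_hash, password):
    """Login-time check: DES-based hash and a password the advisory calls affected."""
    return (classify(stored_hash) in DES_BASED
            and first_high_bit_byte(password) is not None)

def des_accounts(rows):
    """Accounts whose stored hash is DES-based; candidates for rehash after updating."""
    return [user for user, h in rows if classify(h) in DES_BASED]

# Constructed sample rows (format-only placeholders, not real hashes).
SAMPLE_ROWS = [
    ("alice", "ab" + "0" * 11),              # traditional DES shape
    ("bob",   "_J9..abcd" + "0" * 11),       # extended DES shape
    ("carol", "$1$saltsalt$" + "0" * 22),    # MD5 crypt shape
    ("dave",  "$2a$06$" + "0" * 53),         # Blowfish crypt shape
]

if __name__ == "__main__":
    print("DES-based accounts:", des_accounts(SAMPLE_ROWS))
    print("rehash on login:", needs_rehash(SAMPLE_ROWS[0][1], "pässword"))
```

Stored hashes alone do not reveal which passwords contained non-ASCII characters, so the format scan only narrows the set of accounts; the per-password check has to run when the user next authenticates against the updated packages.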