FreeBSD : databases/postgresql*-server -- crypt vulnerabilities (a8864f8f-aa9e-11e1-a284-0023ae8e59f0)

Medium Nessus Plugin ID 59314


The remote FreeBSD host is missing one or more security-related updates.


The PostgreSQL Global Development Group reports :

Today the PHP, OpenBSD and FreeBSD communities announced updates to patch a security hole involving their crypt() hashing algorithms. This issue is described in CVE-2012-2143. This vulnerability also affects a minority of PostgreSQL users, and will be fixed in an update release on June 4, 2012.

Affected users are those who use the crypt(text, text) function with DES encryption in the optional pg_crypto module. Passwords affected are those that contain characters that cannot be represented with 7-bit ASCII. If a password contains a character that has the most significant bit set (0x80), and DES encryption is used, that character and all characters after it will be ignored.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 59314

File Name: freebsd_pkg_a8864f8faa9e11e1a2840023ae8e59f0.nasl

Version: $Revision: 1.9 $

Type: local

Published: 2012/05/31

Modified: 2015/05/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:postgresql-server, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/05/30

Vulnerability Publication Date: 2012/05/30

Reference Information

CVE: CVE-2012-2143