The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts).
Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)

SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method.
This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out.
New passwords hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.

Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.

Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.

FAQ :

Q: I only use ASCII characters in passwords, am I a affected in any way? A: No.

Q: What's the meaning of the ids before and after the update? A:
Before the update: $2a -> buggy algorithm

After the update: $2x -> buggy algorithm $2a -> correct algorithm $2y
-> correct algorithm

System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm $2a -> buggy algorithm $2y -> correct algorithm

Q: How do I require users to change their password on next login? A:
Run the following command as root for each user: chage -d 0

Q: I run an application that has $2a hashes in it's password database.
Some users complain that they can not log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.

Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd

The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.

Manual pages for several kernel and library functions were added. The crypt(3) manual page was updated to also list the 2y prefix.

Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

PostgreSQL is an advanced object-relational database management system (DBMS).

A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)

Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.

These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes :

http://www.postgresql.org/docs/8.4/static/release.html

All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.

Multiple vulnerabilities was discovered and fixed in glibc :

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089).

Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659).

crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).

The updated packages have been patched to correct these issues.

The blowfish password hashing implementation did not properly handle 8-characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details.

File uploads could potentially overwrite files owned by the user running php (CVE-2011-2202).

A long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268)

The crypt(3) manpage was updated to also list the 2y prefix.

PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues.

The following security issues have been fixed :

  - CVE-2012-3488: This update fixes arbitrary read and     write of files via XSL functionality.

  - CVE-2012-2655: postgresql: denial of service (stack     exhaustion) via specially crafted SQL.

  - CVE-2011-2483: crypt_blowfish was mishandling 8 bit     characters.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities :

  - crypt_blowfish as used in PHP does not properly handle     8-bit characters, which makes it easier for     context-dependent attackers to determine a cleartext     password by leveraging knowledge of a password hash.
    (CVE-2011-2483)

  - Multiple NULL Pointer Dereference with the     zend_strndup() fucntion could allow a remote attacker     to cause a denial of service. (CVE-2011-4153)

  - A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was     addressed. (CVE-2011-3389)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in PHP. Please review the       CVE identifiers referenced below for details.
  Impact :

    A context-dependent attacker could execute arbitrary code, obtain       sensitive information from process memory, bypass intended access       restrictions, or cause a Denial of Service in various ways.
    A remote attacker could cause a Denial of Service in various ways,       bypass spam detections, or bypass open_basedir restrictions.
  Workaround :

    There is no known workaround at this time.

The remote host is running a version of Mac OS X 10.7 that is older than version 10.7.3.  The newer version contains numerous security-related fixes for the following components :

  - Address Book
  - Apache
  - ATS
  - CFNetwork
 - CoreMedia
 - CoreText
 - CoreUI
 - curl
 - Data Security
 - dovecot
 - filecmds
 - ImageIO
 - Internet Sharing
 - Libinfo
 - libresolv
 - libsecurity
 - OpenGL
 - PHP
 - QuickTime
 - Subversion
 - Time Machine
 - WebDAV Sharing
 - Webmail
 - X11

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : 

  - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

  - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

  - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

  - crypt_blowfish was updated to 1.2. (CVE-2011-2483)

  - Multiple null pointer dereferences exist.

  - An unspecified crash exists in error_log().

  - A buffer overflow vulnerability exists in crypt().
 - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.

Versions of PHP 5.3 earlier than 5.3.7 are potentially affected by multiple vulnerabilities : 

  - A stack buffer overflow exists in socket_connect(). (CVE-2011-1938)

  - A use-after-free vulnerability exists in substr_replace(). (CVE-2011-1148)

  - A code execution vulnerability exists in ZipArchive: : addGlob(). (CVE-2011-1657)

  - crypt_blowfish was updated to 1.2. (CVE-2011-2483)

  - Multiple null pointer dereferences exist.

  - An unspecified crash exists in error_log().

  - A buffer overflow vulnerability exists in crypt().

ID	Name	Product	Family	Published	Updated	Severity
55920	SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)	Nessus	SuSE Local Security Checks	8/20/2011	1/19/2021	medium
56018	SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)	Nessus	SuSE Local Security Checks	8/31/2011	1/19/2021	medium
56019	SuSE 11.1 Security Update : man-pages (SAT Patch Number 5064)	Nessus	SuSE Local Security Checks	8/31/2011	1/19/2021	medium
56536	CentOS 5 : postgresql84 (CESA-2011:1378)	Nessus	CentOS Local Security Checks	10/19/2011	1/4/2021	medium
58576	SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)	Nessus	SuSE Local Security Checks	4/3/2012	1/19/2021	medium
61938	Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)	Nessus	Mandriva Local Security Checks	9/6/2012	1/6/2021	medium
75433	openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	critical
75943	openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	medium
83561	SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)	Nessus	SuSE Local Security Checks	5/20/2015	1/19/2021	medium
122590	PHP 5.4.x < 5.4.0 Multiple Vulnerabilities	Nessus	CGI abuses	3/4/2019	5/26/2025	high
56459	GLSA-201110-06 : PHP: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	10/12/2011	1/6/2021	critical
6303	Mac OS X 10.7 < 10.7.3 Multiple Vulnerabilities	Nessus Network Monitor	Generic	2/6/2012	3/6/2019	critical
6015	PHP 5.3.x < 5.3.7 Multiple Vulnerabilities	Nessus Network Monitor	Web Servers	8/23/2011	3/6/2019	high
801087	PHP 5.3 < 5.3.7 Multiple Vulnerabilities	Log Correlation Engine	Web Servers	8/23/2011		high

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

critical

medium

medium

high

critical

critical

high

high