CVE - CVE-2012-2143

CVE-ID
CVE-2012-2143	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
APPLE:APPLE-SA-2012-09-19-2 URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html CONFIRM:http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34 CONFIRM:http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 CONFIRM:http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 CONFIRM:http://support.apple.com/kb/HT5501 CONFIRM:http://www.postgresql.org/docs/8.3/static/release-8-3-19.html CONFIRM:http://www.postgresql.org/docs/8.4/static/release-8-4-12.html CONFIRM:http://www.postgresql.org/docs/9.0/static/release-9-0-8.html CONFIRM:http://www.postgresql.org/docs/9.1/static/release-9-1-4.html CONFIRM:http://www.postgresql.org/support/security/ CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=816956 DEBIAN:DSA-2491 URL:http://www.debian.org/security/2012/dsa-2491 FEDORA:FEDORA-2012-8893 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html FEDORA:FEDORA-2012-8915 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html FEDORA:FEDORA-2012-8924 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html FREEBSD:FreeBSD-SA-12:02 URL:http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc MANDRIVA:MDVSA-2012:092 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2012:092~~ (Obsolete source) REDHAT:RHSA-2012:1037 URL:http://rhn.redhat.com/errata/RHSA-2012-1037.html SECTRACK:1026995 URL:http://www.securitytracker.com/id?1026995 SECUNIA:49304 URL:http://secunia.com/advisories/49304 SECUNIA:50718 URL:http://secunia.com/advisories/50718 SUSE:SUSE-SU-2012:0840 URL:http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html SUSE:openSUSE-SU-2012:1251 URL:http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html SUSE:openSUSE-SU-2012:1288 URL:http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html SUSE:openSUSE-SU-2012:1299 URL:http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20120404	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)