CVE-2012-2143

Published: Jul 5, 2012Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Affected (66)

Products: Postgresql: Postgresql · Freebsd: Freebsd · Php: Php · +1 more

Show all products

Postgresql: Postgresql · Freebsd: Freebsd · Php: Php · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	From 8.3 to 8.3.19
Postgresql Postgresql	From 8.4 to 8.4.12
Postgresql Postgresql	From 9.0 to 9.0.8
Postgresql Postgresql	From 9.1 to 9.1.4

Configuration B

59 vulnerable

Vulnerable Software	Affected Versions
Freebsd Freebsd	Up to 9.0
Freebsd Freebsd	Version 1.0
Freebsd Freebsd	Version 1.1.5.1
Freebsd Freebsd	Version 1.1.5
Freebsd Freebsd	Version 1.1
Freebsd Freebsd	Version 2.0.5
Freebsd Freebsd	Version 2.0
Freebsd Freebsd	Version 2.1.5
Freebsd Freebsd	Version 2.1.6
Freebsd Freebsd	Version 2.1.7
Freebsd Freebsd	Version 2.1
Freebsd Freebsd	Version 2.2.1
Freebsd Freebsd	Version 2.2.2
Freebsd Freebsd	Version 2.2.5
Freebsd Freebsd	Version 2.2.6
Freebsd Freebsd	Version 2.2.7
Freebsd Freebsd	Version 2.2.8
Freebsd Freebsd	Version 2.2
Freebsd Freebsd	Version 3.0
Freebsd Freebsd	Version 3.1
Freebsd Freebsd	Version 3.2
Freebsd Freebsd	Version 3.3
Freebsd Freebsd	Version 3.4
Freebsd Freebsd	Version 3.5
Freebsd Freebsd	Version 4.0
Freebsd Freebsd	Version 4.1.1
Freebsd Freebsd	Version 4.10
Freebsd Freebsd	Version 4.11
Freebsd Freebsd	Version 4.1
Freebsd Freebsd	Version 4.2
Freebsd Freebsd	Version 4.3
Freebsd Freebsd	Version 4.4
Freebsd Freebsd	Version 4.5
Freebsd Freebsd	Version 4.6.2
Freebsd Freebsd	Version 4.6
Freebsd Freebsd	Version 4.7
Freebsd Freebsd	Version 4.8
Freebsd Freebsd	Version 4.9
Freebsd Freebsd	Version 5.0
Freebsd Freebsd	Version 5.1
Freebsd Freebsd	Version 5.2.1
Freebsd Freebsd	Version 5.2
Freebsd Freebsd	Version 5.3
Freebsd Freebsd	Version 5.4
Freebsd Freebsd	Version 5.5
Freebsd Freebsd	Version 6.0
Freebsd Freebsd	Version 6.1
Freebsd Freebsd	Version 6.2
Freebsd Freebsd	Version 6.3
Freebsd Freebsd	Version 6.4
Freebsd Freebsd	Version 7.0
Freebsd Freebsd	Version 7.1
Freebsd Freebsd	Version 7.2
Freebsd Freebsd	Version 7.3
Freebsd Freebsd	Version 7.4
Freebsd Freebsd	Version 8.0
Freebsd Freebsd	Version 8.1
Freebsd Freebsd	Version 8.2
Freebsd Freebsd	Version 8.3

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Php Php	Before 5.3.14
Php Php	From 5.4.0 to 5.4.4

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0

Related CWEs

CWE-310

References (50)

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34

Source: secalert@redhat.com

Broken LinkPatch

http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9

Source: secalert@redhat.com

Vendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

Source: secalert@redhat.com

Third Party Advisory

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1037.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/49304

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://secunia.com/advisories/50718

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc

Source: secalert@redhat.com

Vendor Advisory

http://support.apple.com/kb/HT5501

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2012/dsa-2491

Source: secalert@redhat.com

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2012:092

Source: secalert@redhat.com

Broken Link

http://www.postgresql.org/docs/8.3/static/release-8-3-19.html

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/8.4/static/release-8-4-12.html

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/9.0/static/release-9-0-8.html

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/docs/9.1/static/release-9-1-4.html

Source: secalert@redhat.com

Vendor Advisory

http://www.postgresql.org/support/security/

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id?1026995

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=816956

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34