ID CVE-2006-0591
Summary The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
References
Vulnerable Configurations
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7
    cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7
CVSS
Base: 1.2 (as of 08-02-2006 - 10:12)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0526.NASL
    description Updated postgresql packages that fix several security vulnerabilities are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A bug was found in the way PostgreSQL's PQescapeString function escapes strings when operating in a multibyte character encoding. It is possible for an attacker to provide an application a carefully crafted string containing invalidly-encoded characters, which may be improperly escaped, allowing the attacker to inject malicious SQL. While this update fixes how PQescapeString operates, the PostgreSQL server has also been modified to prevent such an attack occurring through unpatched clients. (CVE-2006-2313, CVE-2006-2314). More details about this issue are available in the linked PostgreSQL technical documentation. An integer signedness bug was found in the way PostgreSQL generated password salts. The actual salt size is only half the size of the expected salt, making the process of brute forcing password hashes slightly easier. This update will not strengthen already existing passwords, but all newly assigned passwords will have the proper salt length. (CVE-2006-0591) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.13, which corrects these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21905
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21905
    title CentOS 3 / 4 : postgresql (CESA-2006:0526)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0526.NASL
    description Updated postgresql packages that fix several security vulnerabilities are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A bug was found in the way PostgreSQL's PQescapeString function escapes strings when operating in a multibyte character encoding. It is possible for an attacker to provide an application a carefully crafted string containing invalidly-encoded characters, which may be improperly escaped, allowing the attacker to inject malicious SQL. While this update fixes how PQescapeString operates, the PostgreSQL server has also been modified to prevent such an attack occurring through unpatched clients. (CVE-2006-2313, CVE-2006-2314). More details about this issue are available in the linked PostgreSQL technical documentation. An integer signedness bug was found in the way PostgreSQL generated password salts. The actual salt size is only half the size of the expected salt, making the process of brute forcing password hashes slightly easier. This update will not strengthen already existing passwords, but all newly assigned passwords will have the proper salt length. (CVE-2006-0591) Users of PostgreSQL should upgrade to these updated packages containing PostgreSQL version 7.4.13, which corrects these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 21595
    published 2006-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21595
    title RHEL 3 / 4 : postgresql (RHSA-2006:0526)
oval via4
accepted 2013-04-29T04:14:28.194-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
family unix
id oval:org.mitre.oval:def:11502
status accepted
submitted 2010-07-09T03:56:16-04:00
title The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
version 24
redhat via4
advisories
rhsa
id RHSA-2006:0526
refmap via4
bugtraq 20060207 crypt_blowfish 1.0
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
misc http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_gensalt.c?only_with_tag=CRYPT_BLOWFISH_1_0
osvdb 23005
secunia
  • 18772
  • 20232
  • 20653
  • 20782
sgi 20060602-01-U
vupen ADV-2006-0477
xf cryptblowfish-salt-information-disclosure(24590)
Last major update 13-07-2011 - 00:00
Published 07-02-2006 - 20:02
Last modified 19-10-2018 - 11:45
Back to Top