ID CVE-2011-2483
Summary crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Vulnerable Configurations
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.6
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.5
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.4
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.3
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.2
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.1
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.3
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.2
  • PHP PHP 4.3.10
    cpe:2.3:a:php:php:4.3.10
  • PHP PHP 4.3.1
    cpe:2.3:a:php:php:4.3.1
  • PHP PHP 4.3.2
    cpe:2.3:a:php:php:4.3.2
  • PHP PHP 4.3.11
    cpe:2.3:a:php:php:4.3.11
  • PHP PHP 4.3.4
    cpe:2.3:a:php:php:4.3.4
  • PHP PHP 4.3.3
    cpe:2.3:a:php:php:4.3.3
  • PHP PHP 4.3.6
    cpe:2.3:a:php:php:4.3.6
  • PHP PHP 4.3.5
    cpe:2.3:a:php:php:4.3.5
  • PHP PHP 4.2.1
    cpe:2.3:a:php:php:4.2.1
  • PHP PHP 4.2.0
    cpe:2.3:a:php:php:4.2.0
  • PHP PHP 4.2.3
    cpe:2.3:a:php:php:4.2.3
  • PHP PHP 4.2.2
    cpe:2.3:a:php:php:4.2.2
  • PHP PHP 4.4.5
    cpe:2.3:a:php:php:4.4.5
  • PHP PHP 4.4.6
    cpe:2.3:a:php:php:4.4.6
  • PHP PHP 4.4.7
    cpe:2.3:a:php:php:4.4.7
  • PHP PHP 5.0.0
    cpe:2.3:a:php:php:5.0.0
  • PHP PHP 5.0.0 Beta1
    cpe:2.3:a:php:php:5.0.0:beta1
  • PHP 5.2.5
    cpe:2.3:a:php:php:5.2.5
  • PHP 5.2.11
    cpe:2.3:a:php:php:5.2.11
  • PHP PHP 4.3.7
    cpe:2.3:a:php:php:4.3.7
  • PHP PHP 4.3.8
    cpe:2.3:a:php:php:4.3.8
  • PHP PHP 4.3.9
    cpe:2.3:a:php:php:4.3.9
  • PHP 5.2.8
    cpe:2.3:a:php:php:5.2.8
  • PHP 5.2.6
    cpe:2.3:a:php:php:5.2.6
  • PHP PHP 4.4.0
    cpe:2.3:a:php:php:4.4.0
  • PHP PHP 4.4.1
    cpe:2.3:a:php:php:4.4.1
  • PHP PHP 4.4.2
    cpe:2.3:a:php:php:4.4.2
  • PHP PHP 4.4.3
    cpe:2.3:a:php:php:4.4.3
  • PHP PHP 4.4.4
    cpe:2.3:a:php:php:4.4.4
  • PHP PHP 5.0.5
    cpe:2.3:a:php:php:5.0.5
  • PHP PHP 5.0.4
    cpe:2.3:a:php:php:5.0.4
  • PHP 5.2.9
    cpe:2.3:a:php:php:5.2.9
  • PHP PHP 5.0.3
    cpe:2.3:a:php:php:5.0.3
  • PHP PHP 5.1.3
    cpe:2.3:a:php:php:5.1.3
  • PHP PHP 5.1.2
    cpe:2.3:a:php:php:5.1.2
  • PHP PHP 5.1.1
    cpe:2.3:a:php:php:5.1.1
  • PHP PHP 5.1.0
    cpe:2.3:a:php:php:5.1.0
  • PHP PHP 5.0.0 RC1
    cpe:2.3:a:php:php:5.0.0:rc1
  • PHP PHP 5.0.0 Beta4
    cpe:2.3:a:php:php:5.0.0:beta4
  • PHP PHP 5.0.0 Beta3
    cpe:2.3:a:php:php:5.0.0:beta3
  • PHP PHP 5.0.0 Beta2
    cpe:2.3:a:php:php:5.0.0:beta2
  • PHP PHP 5.0.2
    cpe:2.3:a:php:php:5.0.2
  • PHP PHP 5.0.1
    cpe:2.3:a:php:php:5.0.1
  • PHP PHP 5.0.0 RC3
    cpe:2.3:a:php:php:5.0.0:rc3
  • PHP PHP 5.0.0 RC2
    cpe:2.3:a:php:php:5.0.0:rc2
  • PHP 5.2.12
    cpe:2.3:a:php:php:5.2.12
  • PHP 5.2.13
    cpe:2.3:a:php:php:5.2.13
  • PHP PHP 5.1.6
    cpe:2.3:a:php:php:5.1.6
  • PHP 5.2.0
    cpe:2.3:a:php:php:5.2.0
  • PHP 5.1.4
    cpe:2.3:a:php:php:5.1.4
  • PHP PHP 5.1.5
    cpe:2.3:a:php:php:5.1.5
  • PHP 5.2.3
    cpe:2.3:a:php:php:5.2.3
  • PHP 5.2.1
    cpe:2.3:a:php:php:5.2.1
  • PHP 5.2.2
    cpe:2.3:a:php:php:5.2.2
  • PHP PHP_FI 1.0
    cpe:2.3:a:php:php:1.0
  • PHP PHP_FI 2.0b10
    cpe:2.3:a:php:php:2.0b10
  • PHP 4.4.8
    cpe:2.3:a:php:php:4.4.8
  • PHP PHP_FI 2.0
    cpe:2.3:a:php:php:2.0
  • PHP 4.4.9
    cpe:2.3:a:php:php:4.4.9
  • PHP 5.2.10
    cpe:2.3:a:php:php:5.2.10
  • PHP 5.2.4
    cpe:2.3:a:php:php:5.2.4
  • PHP PHP 4.3.0
    cpe:2.3:a:php:php:4.3.0
  • PHP 5.3.0
    cpe:2.3:a:php:php:5.3.0
  • PHP PHP 3.0.11
    cpe:2.3:a:php:php:3.0.11
  • PHP PHP 3.0.10
    cpe:2.3:a:php:php:3.0.10
  • PHP PHP 3.0.13
    cpe:2.3:a:php:php:3.0.13
  • PHP PHP 3.0.12
    cpe:2.3:a:php:php:3.0.12
  • PHP PHP 3.0.1
    cpe:2.3:a:php:php:3.0.1
  • PHP PHP 3.0
    cpe:2.3:a:php:php:3.0
  • PHP PHP 3.0.2
    cpe:2.3:a:php:php:3.0.2
  • PHP PHP 3.0.18
    cpe:2.3:a:php:php:3.0.18
  • PHP PHP 3.0.4
    cpe:2.3:a:php:php:3.0.4
  • PHP PHP 3.0.3
    cpe:2.3:a:php:php:3.0.3
  • PHP PHP 3.0.15
    cpe:2.3:a:php:php:3.0.15
  • PHP PHP 3.0.14
    cpe:2.3:a:php:php:3.0.14
  • PHP PHP 3.0.17
    cpe:2.3:a:php:php:3.0.17
  • PHP PHP 3.0.16
    cpe:2.3:a:php:php:3.0.16
  • PHP PHP 4.0 Beta 1
    cpe:2.3:a:php:php:4.0:beta1
  • PHP PHP 4.0 Beta 2
    cpe:2.3:a:php:php:4.0:beta2
  • PHP PHP 3.0.9
    cpe:2.3:a:php:php:3.0.9
  • PHP PHP 3.0.7
    cpe:2.3:a:php:php:3.0.7
  • PHP PHP 3.0.8
    cpe:2.3:a:php:php:3.0.8
  • PHP PHP 3.0.5
    cpe:2.3:a:php:php:3.0.5
  • PHP PHP 3.0.6
    cpe:2.3:a:php:php:3.0.6
  • PHP PHP 4.0.1
    cpe:2.3:a:php:php:4.0.1
  • PHP PHP 4.0.0
    cpe:2.3:a:php:php:4.0.0
  • PHP PHP 4.0 Beta 4 Patch Level 1
    cpe:2.3:a:php:php:4.0:beta_4_patch1
  • PHP PHP 4.0 Beta 3
    cpe:2.3:a:php:php:4.0:beta3
  • PHP PHP 4.0 Beta 4
    cpe:2.3:a:php:php:4.0:beta4
  • PHP PHP 4.0.6
    cpe:2.3:a:php:php:4.0.6
  • PHP PHP 4.0.5
    cpe:2.3:a:php:php:4.0.5
  • PHP PHP 4.0.4
    cpe:2.3:a:php:php:4.0.4
  • PHP PHP 4.0.3
    cpe:2.3:a:php:php:4.0.3
  • PHP PHP 4.0.2
    cpe:2.3:a:php:php:4.0.2
  • PHP PHP 4.1.2
    cpe:2.3:a:php:php:4.1.2
  • PHP PHP 4.1.1
    cpe:2.3:a:php:php:4.1.1
  • PHP PHP 4.1.0
    cpe:2.3:a:php:php:4.1.0
  • PHP 5.2.14
    cpe:2.3:a:php:php:5.2.14
  • PHP PHP 4.0.7
    cpe:2.3:a:php:php:4.0.7
  • PHP 5.3.1
    cpe:2.3:a:php:php:5.3.1
  • PHP 5.3.2
    cpe:2.3:a:php:php:5.3.2
  • PHP 5.3.3
    cpe:2.3:a:php:php:5.3.3
  • PHP 5.3.4
    cpe:2.3:a:php:php:5.3.4
  • PHP 5.3.5
    cpe:2.3:a:php:php:5.3.5
  • PHP 5.3.6
    cpe:2.3:a:php:php:5.3.6
  • cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7
CVSS
Base: 5.0 (as of 25-08-2011 - 11:00)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-214.NASL
    description - Security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' (CVE-2012-0866, bnc#749299). - Remove arbitrary limitation on length of common name in SSL certificates (CVE-2012-0867, bnc#749301). - Convert newlines to spaces in names written in pg_dump comments (CVE-2012-0868, bnc#749303). See the release notes for the rest of the changes: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html /usr/share/doc/packages/postgresql/HISTORY
    last seen 2019-01-16
    modified 2018-12-18
    plugin id 74591
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74591
    title openSUSE Security Update : postgresql (openSUSE-SU-2012:0480-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_POSTGRESQL-8311.NASL
    description PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - This update fixes arbitrary read and write of files via XSL functionality. (CVE-2012-3488) - postgresql: denial of service (stack exhaustion) via specially crafted SQL. (CVE-2012-2655) - crypt_blowfish was mishandling 8 bit characters. (CVE-2011-2483)
    last seen 2019-01-16
    modified 2014-08-16
    plugin id 62545
    published 2012-10-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62545
    title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBXCRYPT-110824.NASL
    description The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 56018
    published 2011-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56018
    title SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_MAN-PAGES-110823.NASL
    description The crypt(3) manpage was updated to also list the 2y prefix.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75943
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75943
    title openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBXCRYPT-110824.NASL
    description The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75631
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75631
    title openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-179.NASL
    description Multiple vulnerabilities were discovered and fixed in glibc : The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 61938
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61938
    title Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GLIBC-7663.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)
      SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters.
      For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.
      Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.
      Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
      FAQ :
      Q: I only use ASCII characters in passwords, am I affected in any way?
      A: No.
      Q: What's the meaning of the ids before and after the update?
      A: Before the update:
           $2a -> buggy algorithm
         After the update:
           $2x -> buggy algorithm
           $2a -> correct algorithm
           $2y -> correct algorithm
         System logins using PAM have a compat mode enabled by default:
           $2x -> buggy algorithm
           $2a -> buggy algorithm
           $2y -> correct algorithm
      Q: How do I require users to change their password on next login?
      A: Run the following command as root for each user: chage -d 0
      Q: I run an application that has $2a hashes in its password database. Some users complain that they can not log in anymore.
      A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
      Q: How do I turn off the compat mode for system logins?
      A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2017-10-29
    modified 2013-12-05
    plugin id 57202
    published 2011-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57202
    title SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111017_POSTGRESQL84_ON_SL5_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 61154
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61154
    title Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_GLIBC-110729.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).
      SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters.
      For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.
      Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.
      Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
      FAQ :
      Q: I only use ASCII characters in passwords, am I affected in any way?
      A: No.
      Q: What's the meaning of the ids before and after the update?
      A: Before the update:
           $2a -> buggy algorithm
         After the update:
           $2x -> buggy algorithm
           $2a -> correct algorithm
           $2y -> correct algorithm
         System logins using PAM have a compat mode enabled by default:
           $2x -> buggy algorithm
           $2a -> buggy algorithm
           $2y -> correct algorithm
      Q: How do I require users to change their password on next login?
      A: Run the following command as root for each user: chage -d 0
      Q: I run an application that has $2a hashes in its password database. Some users complain that they can not log in anymore.
      A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
      Q: How do I turn off the compat mode for system logins?
      A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75852
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75852
    title openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_3.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 57797
    published 2012-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57797
    title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11537.NASL
    description Security Enhancements and Fixes : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log(). Reported by Mateusz Kocielski - Fixed buffer overflow on overlong salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1 Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 56219
    published 2011-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56219
    title Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_GLIBC-110729.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483).
      SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters.
      For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.
      Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.
      Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
      FAQ :
      Q: I only use ASCII characters in passwords, am I affected in any way?
      A: No.
      Q: What's the meaning of the ids before and after the update?
      A: Before the update:
           $2a -> buggy algorithm
         After the update:
           $2x -> buggy algorithm
           $2a -> correct algorithm
           $2y -> correct algorithm
         System logins using PAM have a compat mode enabled by default:
           $2x -> buggy algorithm
           $2a -> buggy algorithm
           $2y -> correct algorithm
      Q: How do I require users to change their password on next login?
      A: Run the following command as root for each user: chage -d 0
      Q: I run an application that has $2a hashes in its password database. Some users complain that they can not log in anymore.
      A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
      Q: How do I turn off the compat mode for system logins?
      A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75519
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75519
    title openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1378.NASL
    description Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 56534
    published 2011-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56534
    title RHEL 5 : postgresql84 (RHSA-2011:1378)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-22.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the 'intarray' module enabled, possibly resulting in the execution of arbitrary code with the privileges of the PostgreSQL server process, or a Denial of Service condition. Furthermore, a remote authenticated attacker could execute arbitrary Perl code, cause a Denial of Service condition via different vectors, bypass LDAP authentication, bypass X.509 certificate validation, gain database privileges, exploit weak blowfish encryption and possibly cause other unspecified impact. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 56626
    published 2011-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56626
    title GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-7.NASL
    description PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. php: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. 
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.' An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.' 
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code.
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 78268
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78268
    title Amazon Linux AMI : php (ALAS-2011-7)
  • NASL family Web Servers
    NASL id HPSMH_7_0_0_24.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195) - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846) - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors. (CVE-2012-0135, CVE-2012-1993) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268) - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639) - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210) - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 58811
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58811
    title HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-06.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 56459
    published 2011-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56459
    title GLSA-201110-06 : PHP: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-178.NASL
    description Multiple vulnerabilities were discovered and fixed in glibc : Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 (CVE-2011-0536). The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome (CVE-2011-1071). The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function (CVE-2011-1095).
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 56953
    published 2011-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56953
    title Mandriva Linux Security Advisory : glibc (MDVSA-2011:178)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-12.NASL
    description A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'.
    last seen 2019-01-16
    modified 2018-04-18
    plugin id 69571
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69571
    title Amazon Linux AMI : postgresql (ALAS-2011-12)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-161.NASL
    description A vulnerability was discovered and corrected in postgresql : contrib/pg_crypto's blowfish encryption code could give wrong results on platforms where char is signed (which is most), leading to encrypted passwords being weaker than they should be (CVE-2011-2483). Additionally corrected ossp-uuid packages as well as corrected support in postgresql 9.0.x are being provided for Mandriva Linux 2011. This update provides a solution to this vulnerability.
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 56627
    published 2011-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56627
    title Mandriva Linux Security Advisory : postgresql (MDVSA-2011:161)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12813.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm, $2a -> correct algorithm, $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm, $2a -> buggy algorithm, $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2013-12-05
    plugin id 55918
    published 2011-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55918
    title SuSE9 Security Update : glibc suite (YOU Patch Number 12813)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-180.NASL
    description A vulnerability was discovered and fixed in php-suhosin : crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 56968
    published 2011-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56968
    title Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2340.NASL
    description magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 56730
    published 2011-11-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56730
    title Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-001.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
    last seen 2019-01-16
    modified 2018-07-14
    plugin id 57798
    published 2012-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57798
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_YAST2-CORE-110822.NASL
    description This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm, $2a -> correct algorithm, $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm, $2a -> buggy algorithm, $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 76052
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76052
    title openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MAN-PAGES-110825.NASL
    description Manual pages for several kernel and library functions were added. The crypt(3) manual page was updated to also list the 2y prefix.
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 56019
    published 2011-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56019
    title SuSE 11.1 Security Update : man-pages (SAT Patch Number 5064)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL
    description The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details. File uploads could potentially overwrite files owned by the user running php (CVE-2011-2202). A long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268). Incorrect implementation of the error_log function could crash php (CVE-2011-3267).
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75791
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75791
    title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1378.NASL
    description Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 56536
    published 2011-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56536
    title CentOS 5 : postgresql84 (CESA-2011:1378)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2013-849.NASL
    description - update to 5.0.26 [bnc#848594] - Added the .cf TLD server. - Updated the .bi TLD server. - Added a new ASN allocation. - includes changes from 5.0.25 - Added the .ax, .bn, .iq, .pw and .rw TLD servers. - Updated one or more translations. - includes updates changes 5.0.24 : - Merged documentation fixes and the whois.conf(5) man page - Added a new ASN allocation. - Updated one or more translations. - includes changes from 5.0.23 - whois.nic.or.kr switched from EUC-KR to UTF-8. - includes changes from 5.0.22 - Fixed cross-compiling - includes changes from 5.0.21 - Fixed parsing of 6to4 addresses - Added the .xn--j1amh (.укр, Ukraine) TLD server. - Updated the .bi, .se and .vn TLD servers. - Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken. - Updated some disclaimer suppression strings. - Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling. - includes changes from 5.0.20 - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers. - Added the .bw, .td, .xn--mgb9awbf (.عمان, Oman), .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) and .xn--mgbx4cd0ab (.مليسيا, Malaysia) TLD servers. - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (.ایران, Iran) TLD servers. - includes changes from 5.0.19 - Added the .post TLD server. - Updated the .co.za SLD servers. - Added the .alt.za, .net.za and .web.za SLD servers. - whois.ua changed (?) the encoding to utf-8. - Fixed the parsing of 6to4 addresses like whois 2002:xxxx::. - includes changes from 5.0.18 - Updated the .ae and .xn--mgbaam7a8h (.امارات, United Arab Emirates) TLDs. - Updated the server charset table for .fr and .it. - includes changes from whois 5.0.17 - Updated the .bi, .fo, .gr and .gt TLD servers. - Removed support for recursion of .org queries, it has been a thick registry since 2005.
- includes changes from 5.0.16 - Added the .xn--80ao21a (.ҚАЗ, Kazakhstan) TLD server. - Updated the .ec and .ee TLD servers. - Removed the .xn--mgbc0a9azcg (.المغرب, Morocco) and .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) TLD servers. - Added a new ASN allocation. - Updated one or more translations. - includes changes from 5.0.15 - Added the .xn--mgba3a4f16a (.ایران, Iran) TLD server. - Updated the .pe TLD server, this time for real. - Updated one or more translations. - includes changes from 5.0.14 - Added the .sx TLD server. - Updated the .pe TLD server. - includes changes from 5.0.13 - Updated the .hr TLD server. - Improved the package description - Updated the FSF address in licenses. - includes changes from 5.0.12 - Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE). - Add the '+' flag by default to queries to whois.arin.net if the argument looks like an IP address. Also add the 'a' and 'n' flags. No thanks to ARIN for breaking every whois client.
- Added the .cv, .lk, .mq, .sy, .so, .biz.ua, .co.ua, .pp.ua, .qa, .xn--3e0b707e (.한국, Korea), .xn--45brj9c (.ভারত, India, Bengali), .xn--90a3ac (.СРБ, Serbia), .xn--clchc0ea0b2g2a9gcd (.சிங்கப்பூர், Singapore, Tamil), .xn--fpcrj9c3d (.భారత్, India, Telugu), .xn--fzc2c9e2c (.ලංකා, Sri Lanka, Sinhala), .xn--gecrj9c (.ભારત, India, Gujarati), .xn--h2brj9c (.भारत, India, Hindi), .xn--lgbbat1ad8j (.الجزائر, Algeria), .xn--mgbayh7gpa (.الاردن, Jordan), .xn--mgbbh1a71e (.بھارت, India, Urdu), .xn--mgbc0a9azcg (.المغرب, Morocco), .xn--ogbpf8fl (.سورية, Syria), .xn--s9brj9c (.ਭਾਰਤ, India, Punjabi), .xn--xkc2al3hye2a (.இலங்கை, Sri Lanka, Tamil), .xn--wgbl6a (.قطر, Qatar), .xn--xkc2dl3a5ee0h (.இந்தியா, India, Tamil), .xn--yfro4i67o (.新加坡, Singapore, Chinese) and .xxx TLD servers. (Closes: #642424), - Added the .priv.at pseudo-SLD server. - Updated the .co, .gf, .gp, .kr, .li, .rs, .ru, .su, .sv, .ua and .xn--p1ai TLD servers. (Closes: #590425, #634830, #627478) - Added a new ASN allocation. - Fixed a typo and -t syntax in whois(1). (Closes: #614973, #632588) - Made whois return an error in some cases, code contributed by David Souther. - Split HAVE_LINUX_CRYPT_GENSALT from HAVE_XCRYPT to support SuSE, which has it builtin in the libc. Added untested support for Solaris' crypt_gensalt(3). This and the following changes have been contributed by Ludwig Nussel of SuSE. - mkpasswd: stop rejecting non-ASCII characters. - mkpasswd: added support for the 2y algorithm, which fixes CVE-2011-2483. - mkpasswd: raised the number of rounds for 2a/2y from 4 to 5, which is the current default. - mkpasswd: removed support for 2 and {SHA}, which actually are not supported by FreeBSD and libxcrypt.
- packaging changes - removed patches accepted upstream: whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff - removed patches no longer required: whois-5.0.11-mkpasswd-fix-compiler-warnings.diff - updated patches: whois-4.7.33-nb.patch to whois-5.0.25-nb.patch - verify source signatures - crypt_gensalt moved to separate library libowcrypt (fate#314945)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75198
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75198
    title openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL
    description PHP development team reports : Security Enhancements and Fixes in PHP 5.3.7 : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log(). Reported by Mateusz Kocielski - Fixed buffer overflow on overlong salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 55912
    published 2011-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55912
    title FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GLIBC-7659.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm, $2a -> correct algorithm, $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm, $2a -> buggy algorithm, $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2013-12-05
    plugin id 55920
    published 2011-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55920
    title SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_YAST2-CORE-110822.NASL
    description This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8-bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8-bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8-bit passwords that use such services will not be able to log in anymore after the update. As a workaround, administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm; $2a -> correct algorithm; $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm; $2a -> buggy algorithm; $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75781
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75781
    title openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1423.NASL
    description From Red Hat Security Advisory 2011:1423 : Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details. An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708) An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466) Multiple memory leak flaws were found in the PHP OpenSSL extension. 
A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468) A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148) A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469) An integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471) A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938) An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202) All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68382
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68382
    title Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GLIBC-BLOWFISH-7663.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8-bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8-bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8-bit passwords that use such services will not be able to log in anymore after the update. As a workaround, administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm; $2a -> correct algorithm; $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm; $2a -> buggy algorithm; $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2013-12-05
    plugin id 58576
    published 2012-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58576
    title SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1423.NASL
    description Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details. An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708) An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466) Multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. 
(CVE-2011-1468) A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148) A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469) An integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471) A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938) An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202) All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 56695
    published 2011-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56695
    title CentOS 5 : php53 (CESA-2011:1423)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2011-237-01.NASL
    description New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen 2019-01-16
    modified 2018-06-27
    plugin id 55980
    published 2011-08-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55980
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1378.NASL
    description From Red Hat Security Advisory 2011:1378 : Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. These updated postgresql84 packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68371
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68371
    title Oracle Linux 5 : postgresql84 (ELSA-2011-1378)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1377.NASL
    description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-12-20
    plugin id 56533
    published 2011-10-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56533
    title RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-110729.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8-bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8-bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8-bit passwords that use such services will not be able to log in anymore after the update. As a workaround, administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm. FAQ : Q: I only use ASCII characters in passwords, am I affected in any way? A: No. Q: What's the meaning of the ids before and after the update?
A: Before the update: $2a -> buggy algorithm. After the update: $2x -> buggy algorithm; $2a -> correct algorithm; $2y -> correct algorithm. System logins using PAM have a compat mode enabled by default: $2x -> buggy algorithm; $2a -> buggy algorithm; $2y -> correct algorithm. Q: How do I require users to change their password on next login? A: Run the following command as root for each user: chage -d 0 Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore. A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP. Q: How do I turn off the compat mode for system logins? A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2017-10-29
    modified 2013-12-05
    plugin id 55919
    published 2012-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55919
    title SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_YAST2-CORE-110830.NASL
    description This update of yast2-core fixes security issues and a bug : - When setting a password for a user, use blowfish algorithm id 2y instead of 2a. (bnc#700876 / CVE-2011-2483) - Log YCP client arguments only with y2debug, not to reveal AutoYaST passwords. (bnc#492746) - ini-agent: Fixed a test failure 'wrong stderr for nonex' (bnc#706705)
    last seen 2019-01-16
    modified 2013-10-25
    plugin id 56034
    published 2011-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56034
    title SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL
    description The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id '$2a$' for passwords that contain 8-bit characters will no longer be compatible with newly generated hashes. Affected users will either have to change their password to store a new hash or the id of the existing hash has to be manually changed to '$2x$' in order to activate a compat mode. Please see the description of the CVE-2011-2483 glibc update for details. File uploads could potentially overwrite files owned by the user running php (CVE-2011-2202). A long salt argument to the crypt function could cause a buffer overflow (CVE-2011-3268).
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75433
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75433
    title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_LIBXCRYPT-110824.NASL
    description The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 75934
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75934
    title openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1377.NASL
    description From Red Hat Security Advisory 2011:1377 : Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 68370
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68370
    title Oracle Linux 4 / 5 / 6 : postgresql (ELSA-2011-1377)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11528.NASL
    description Security Enhancements and Fixes : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log(). Reported by Mateusz Kocielski - Fixed buffer overflow on overlong salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1 Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 56218
    published 2011-09-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56218
    title Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2012-1336-1.NASL
    description PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed : - CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality. - CVE-2012-2655: postgresql: denial of service (stack exhaustion) via specially crafted SQL. - CVE-2011-2483: crypt_blowfish was mishandling 8 bit characters. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-05-20
    plugin id 83561
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83561
    title SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-11464.NASL
    description Security Enhancements and Fixes : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log(). Reported by Mateusz Kocielski - Fixed buffer overflow on overlong salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1 Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8 php package now provides both apache modules (for prefork and worker MPM). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-11-28
    plugin id 56150
    published 2011-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56150
    title Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL13519.NASL
    description PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. CVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. CVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. 
CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. 
NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
    last seen 2019-01-16
    modified 2019-01-04
    plugin id 78134
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78134
    title F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2011-1377.NASL
    description Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. For Red Hat Enterprise Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html For Red Hat Enterprise Linux 4 and 5, the updated postgresql packages contain a backported patch. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 56535
    published 2011-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56535
    title CentOS 4 / 5 : postgresql (CESA-2011:1377)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1423.NASL
    description Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details. An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708) An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466) Multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. 
(CVE-2011-1468) A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148) A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469) An integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471) A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938) An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202) All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-11-26
    plugin id 56699
    published 2011-11-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56699
    title RHEL 5 / 6 : php53 and php (RHSA-2011:1423)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_MAN-PAGES-110823.NASL
    description The crypt(3) manpage was updated to also list the 2y prefix.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 75642
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75642
    title openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1229-1.NASL
    description It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 56506
    published 2011-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56506
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_GLIBC-BLOWFISH-110729.NASL
    description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
    FAQ :
    Q: I only use ASCII characters in passwords, am I affected in any way?
    A: No.
    Q: What's the meaning of the ids before and after the update?
    A: Before the update:
       $2a -> buggy algorithm
       After the update:
       $2x -> buggy algorithm
       $2a -> correct algorithm
       $2y -> correct algorithm
       System logins using PAM have a compat mode enabled by default:
       $2x -> buggy algorithm
       $2a -> buggy algorithm
       $2y -> correct algorithm
    Q: How do I require users to change their password on next login?
    A: Run the following command as root for each user: chage -d 0
    Q: I run an application that has $2a hashes in its password database. Some users complain that they can not log in anymore.
    A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
    Q: How do I turn off the compat mode for system logins?
    A: Set BLOWFISH_2a2x=no in /etc/default/passwd
    last seen 2019-01-16
    modified 2013-12-05
    plugin id 57839
    published 2012-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57839
    title SuSE 11.1 Security Update : glibc (SAT Patch Number 4944)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-07.NASL
    description The MITRE CVE database describes these CVEs as : Revert is_a() behavior to php <= 5.3.6 and add a new option (allow_string) for the new behavior (accept string and raise autoload if needed) Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a 'file path injection vulnerability.' crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
    last seen 2019-01-16
    modified 2016-01-27
    plugin id 69566
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69566
    title Amazon Linux AMI : php (ALAS-2011-07)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL
    description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream 'CRYPT_BLOWFISH security fix details' document, linked to in the References, for details. An insufficient input validation flaw, leading to a buffer over-read, was found in the PHP exif extension. A specially crafted image file could cause the PHP interpreter to crash when a PHP script tries to extract Exchangeable image file format (Exif) metadata from the image file. (CVE-2011-0708) An integer overflow flaw was found in the PHP calendar extension. A remote attacker able to make a PHP script call SdnToJulian() with a large value could cause the PHP interpreter to crash. (CVE-2011-1466) Multiple memory leak flaws were found in the PHP OpenSSL extension. A remote attacker able to make a PHP script use openssl_encrypt() or openssl_decrypt() repeatedly could cause the PHP interpreter to use an excessive amount of memory. (CVE-2011-1468) A use-after-free flaw was found in the PHP substr_replace() function. If a PHP script used the same variable as multiple function arguments, a remote attacker could possibly use this to crash the PHP interpreter or, possibly, execute arbitrary code. (CVE-2011-1148) A bug in the PHP Streams component caused the PHP interpreter to crash if an FTP wrapper connection was made through an HTTP proxy. 
A remote attacker could possibly trigger this issue if a PHP script accepted an untrusted URL to connect to. (CVE-2011-1469) An integer signedness issue was found in the PHP zip extension. An attacker could use a specially crafted ZIP archive to cause the PHP interpreter to use an excessive amount of CPU time until the script execution time limit is reached. (CVE-2011-1471) A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter. (CVE-2011-1938) An off-by-one flaw was found in PHP. If an attacker uploaded a file with a specially crafted file name it could cause a PHP script to attempt to write a file to the root (/) directory. By default, PHP runs as the 'apache' user, preventing it from writing to the root directory. (CVE-2011-2202) All php53 and php users should upgrade to these updated packages, which contain backported patches to resolve these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 61168
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61168
    title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20111017_POSTGRESQL_ON_SL4_X.NASL
    description PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to '$2x$'. For Scientific Linux 6, the updated postgresql packages upgrade PostgreSQL to version 8.4.9. Refer to the PostgreSQL Release Notes for a full list of changes : http://www.postgresql.org/docs/8.4/static/release.html For Scientific Linux 4 and 5, the updated postgresql packages contain a backported patch. All PostgreSQL users are advised to upgrade to these updated packages, which correct this issue. If the postgresql service is running, it will be automatically restarted after installing this update.
    last seen 2019-01-16
    modified 2018-12-31
    plugin id 61155
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61155
    title Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64
  • NASL family CGI abuses
    NASL id PHP_5_3_7.NASL
    description According to its banner, the version of PHP 5.3.x running on the remote host is prior to 5.3.7. It is, therefore, affected by the following vulnerabilities : - A use-after-free vulnerability in substr_replace(). (CVE-2011-1148) - A stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - A code execution vulnerability in ZipArchive::addGlob(). (CVE-2011-1657) - crypt_blowfish was updated to 1.2. (CVE-2011-2483) - Multiple NULL pointer dereferences. (CVE-2011-3182) - An unspecified crash in error_log(). (CVE-2011-3267) - A buffer overflow in crypt(). (CVE-2011-3268) - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 55925
    published 2011-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55925
    title PHP 5.3 < 5.3.7 Multiple Vulnerabilities
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1231-1.NASL
    description Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-1938) Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2202) It was discovered that the crypt function for blowfish does not properly handle 8-bit characters. This could make it easier for an attacker to discover a cleartext password containing an 8-bit character that has a matching blowfish crypt value. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-2483) It was discovered that PHP did not properly check the return values of the malloc(3), calloc(3) and realloc(3) library functions in multiple locations. This could allow an attacker to cause a denial of service via a NULL pointer dereference or possibly execute arbitrary code. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. (CVE-2011-3182) Maksymilian Arciemowicz discovered that PHP did not properly implement the error_log function. This could allow an attacker to cause a denial of service via an application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3267) Maksymilian Arciemowicz discovered that the ZipArchive functions addGlob() and addPattern() did not properly check their flag arguments. 
This could allow a malicious script author to cause a denial of service via application crash. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-1657) It was discovered that the Zend opcode parser in PHP could be interrupted while handling the shift-left, shift-right, and bitwise-xor opcodes. This could allow a malicious script author to expose memory contents. This issue affected Ubuntu 10.04 LTS. (CVE-2010-1914) It was discovered that the strrchr function in PHP could be interrupted by a malicious script, allowing the exposure of memory contents. This issue affected Ubuntu 8.04 LTS. (CVE-2010-2484). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 56554
    published 2011-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56554
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-165.NASL
    description Multiple vulnerabilities have been identified and fixed in php : Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments (CVE-2011-1148). The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND (CVE-2011-1657). Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket (CVE-2011-1938). The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a file path injection vulnerability. (CVE-2011-2202). crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182). PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors (CVE-2011-3267). Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483 (CVE-2011-3268). The updated php packages have been upgraded to 5.3.8 which is not vulnerable to these issues. Additionally some of the PECL extensions have been upgraded and/or rebuilt for the new php version.
    last seen 2019-01-16
    modified 2019-01-02
    plugin id 56707
    published 2011-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56707
    title Mandriva Linux Security Advisory : php (MDVSA-2011:165)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2399.NASL
    description Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name. - CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash. - CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file. - CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters. - CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem. NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 57753
    published 2012-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57753
    title Debian DSA-2399-2 : php5 - several vulnerabilities
redhat via4
advisories
  • bugzilla
    id 715025
    title CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment postgresql is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377002
          • comment postgresql is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064026
        • AND
          • comment postgresql-contrib is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377018
          • comment postgresql-contrib is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064038
        • AND
          • comment postgresql-devel is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377010
          • comment postgresql-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064036
        • AND
          • comment postgresql-docs is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377016
          • comment postgresql-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064046
        • AND
          • comment postgresql-jdbc is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377020
          • comment postgresql-jdbc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064032
        • AND
          • comment postgresql-libs is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377006
          • comment postgresql-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064030
        • AND
          • comment postgresql-pl is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377004
          • comment postgresql-pl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064028
        • AND
          • comment postgresql-python is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377008
          • comment postgresql-python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064044
        • AND
          • comment postgresql-server is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377014
          • comment postgresql-server is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064034
        • AND
          • comment postgresql-tcl is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377012
          • comment postgresql-tcl is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064040
        • AND
          • comment postgresql-test is earlier than 0:7.4.30-3.el4
            oval oval:com.redhat.rhsa:tst:20111377022
          • comment postgresql-test is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070064042
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment postgresql is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377028
          • comment postgresql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908006
        • AND
          • comment postgresql-contrib is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377042
          • comment postgresql-contrib is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908014
        • AND
          • comment postgresql-devel is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377034
          • comment postgresql-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908010
        • AND
          • comment postgresql-docs is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377040
          • comment postgresql-docs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908016
        • AND
          • comment postgresql-libs is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377044
          • comment postgresql-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908024
        • AND
          • comment postgresql-plperl is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377032
          • comment postgresql-plperl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908022
        • AND
          • comment postgresql-plpython is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377038
          • comment postgresql-plpython is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908018
        • AND
          • comment postgresql-pltcl is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377046
          • comment postgresql-pltcl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908020
        • AND
          • comment postgresql-server is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377036
          • comment postgresql-server is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908012
        • AND
          • comment postgresql-test is earlier than 0:8.4.9-1.el6_1.1
            oval oval:com.redhat.rhsa:tst:20111377030
          • comment postgresql-test is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100908008
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment postgresql is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377049
          • comment postgresql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068003
        • AND
          • comment postgresql-contrib is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377055
          • comment postgresql-contrib is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068013
        • AND
          • comment postgresql-devel is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377053
          • comment postgresql-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068009
        • AND
          • comment postgresql-docs is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377059
          • comment postgresql-docs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068005
        • AND
          • comment postgresql-libs is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377051
          • comment postgresql-libs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068011
        • AND
          • comment postgresql-pl is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377063
          • comment postgresql-pl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068017
        • AND
          • comment postgresql-python is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377067
          • comment postgresql-python is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068015
        • AND
          • comment postgresql-server is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377065
          • comment postgresql-server is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068019
        • AND
          • comment postgresql-tcl is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377061
          • comment postgresql-tcl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068007
        • AND
          • comment postgresql-test is earlier than 0:8.1.23-1.el5_7.2
            oval oval:com.redhat.rhsa:tst:20111377057
          • comment postgresql-test is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070068021
    rhsa
    id RHSA-2011:1377
    released 2011-10-17
    severity Moderate
    title RHSA-2011:1377: postgresql security update (Moderate)
  • bugzilla
    id 715025
    title CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment postgresql84 is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378002
        • comment postgresql84 is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430003
      • AND
        • comment postgresql84-contrib is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378012
        • comment postgresql84-contrib is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430023
      • AND
        • comment postgresql84-devel is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378010
        • comment postgresql84-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430017
      • AND
        • comment postgresql84-docs is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378024
        • comment postgresql84-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430011
      • AND
        • comment postgresql84-libs is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378004
        • comment postgresql84-libs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430013
      • AND
        • comment postgresql84-plperl is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378022
        • comment postgresql84-plperl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430005
      • AND
        • comment postgresql84-plpython is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378016
        • comment postgresql84-plpython is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430019
      • AND
        • comment postgresql84-pltcl is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378006
        • comment postgresql84-pltcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430015
      • AND
        • comment postgresql84-python is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378020
        • comment postgresql84-python is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430025
      • AND
        • comment postgresql84-server is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378014
        • comment postgresql84-server is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430007
      • AND
        • comment postgresql84-tcl is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378008
        • comment postgresql84-tcl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430009
      • AND
        • comment postgresql84-test is earlier than 0:8.4.9-1.el5_7.1
          oval oval:com.redhat.rhsa:tst:20111378018
        • comment postgresql84-test is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100430021
    rhsa
    id RHSA-2011:1378
    released 2011-10-17
    severity Moderate
    title RHSA-2011:1378: postgresql84 security update (Moderate)
  • bugzilla
    id 715025
    title CVE-2011-2483 crypt_blowfish: 8-bit character mishandling allows different password pairs to produce the same hash
    oval
    OR
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhsa:tst:20100842001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhsa:tst:20100842002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhsa:tst:20100842003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhsa:tst:20100842004
      • OR
        • AND
          • comment php is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423005
          • comment php is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195006
        • AND
          • comment php-bcmath is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423035
          • comment php-bcmath is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195048
        • AND
          • comment php-cli is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423013
          • comment php-cli is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195044
        • AND
          • comment php-common is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423011
          • comment php-common is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195010
        • AND
          • comment php-dba is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423023
          • comment php-dba is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195054
        • AND
          • comment php-devel is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423053
          • comment php-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195032
        • AND
          • comment php-embedded is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423049
          • comment php-embedded is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195038
        • AND
          • comment php-enchant is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423051
          • comment php-enchant is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195026
        • AND
          • comment php-gd is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423037
          • comment php-gd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195056
        • AND
          • comment php-imap is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423033
          • comment php-imap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195040
        • AND
          • comment php-intl is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423045
          • comment php-intl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195030
        • AND
          • comment php-ldap is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423025
          • comment php-ldap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195046
        • AND
          • comment php-mbstring is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423015
          • comment php-mbstring is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195042
        • AND
          • comment php-mysql is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423009
          • comment php-mysql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195008
        • AND
          • comment php-odbc is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423047
          • comment php-odbc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195020
        • AND
          • comment php-pdo is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423019
          • comment php-pdo is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195018
        • AND
          • comment php-pgsql is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423007
          • comment php-pgsql is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195014
        • AND
          • comment php-process is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423027
          • comment php-process is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195016
        • AND
          • comment php-pspell is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423021
          • comment php-pspell is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195028
        • AND
          • comment php-recode is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423041
          • comment php-recode is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195050
        • AND
          • comment php-snmp is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423029
          • comment php-snmp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195036
        • AND
          • comment php-soap is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423039
          • comment php-soap is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195024
        • AND
          • comment php-tidy is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423055
          • comment php-tidy is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195012
        • AND
          • comment php-xml is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423031
          • comment php-xml is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195022
        • AND
          • comment php-xmlrpc is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423043
          • comment php-xmlrpc is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195052
        • AND
          • comment php-zts is earlier than 0:5.3.3-3.el6_1.3
            oval oval:com.redhat.rhsa:tst:20111423017
          • comment php-zts is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20110195034
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment php53 is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423058
          • comment php53 is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196003
        • AND
          • comment php53-bcmath is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423060
          • comment php53-bcmath is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196015
        • AND
          • comment php53-cli is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423098
          • comment php53-cli is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196025
        • AND
          • comment php53-common is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423070
          • comment php53-common is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196023
        • AND
          • comment php53-dba is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423082
          • comment php53-dba is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196019
        • AND
          • comment php53-devel is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423066
          • comment php53-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196033
        • AND
          • comment php53-gd is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423072
          • comment php53-gd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196021
        • AND
          • comment php53-imap is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423068
          • comment php53-imap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196005
        • AND
          • comment php53-intl is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423092
          • comment php53-intl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196043
        • AND
          • comment php53-ldap is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423080
          • comment php53-ldap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196031
        • AND
          • comment php53-mbstring is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423090
          • comment php53-mbstring is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196029
        • AND
          • comment php53-mysql is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423086
          • comment php53-mysql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196013
        • AND
          • comment php53-odbc is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423078
          • comment php53-odbc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196037
        • AND
          • comment php53-pdo is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423094
          • comment php53-pdo is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196011
        • AND
          • comment php53-pgsql is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423074
          • comment php53-pgsql is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196007
        • AND
          • comment php53-process is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423096
          • comment php53-process is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196027
        • AND
          • comment php53-pspell is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423088
          • comment php53-pspell is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196039
        • AND
          • comment php53-snmp is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423064
          • comment php53-snmp is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196009
        • AND
          • comment php53-soap is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423062
          • comment php53-soap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196041
        • AND
          • comment php53-xml is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423084
          • comment php53-xml is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196035
        • AND
          • comment php53-xmlrpc is earlier than 0:5.3.3-1.el5_7.3
            oval oval:com.redhat.rhsa:tst:20111423076
          • comment php53-xmlrpc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20110196017
    rhsa
    id RHSA-2011:1423
    released 2011-11-02
    severity Moderate
    title RHSA-2011:1423: php53 and php security update (Moderate)
rpms
  • postgresql-0:7.4.30-3.el4
  • postgresql-contrib-0:7.4.30-3.el4
  • postgresql-devel-0:7.4.30-3.el4
  • postgresql-docs-0:7.4.30-3.el4
  • postgresql-jdbc-0:7.4.30-3.el4
  • postgresql-libs-0:7.4.30-3.el4
  • postgresql-pl-0:7.4.30-3.el4
  • postgresql-python-0:7.4.30-3.el4
  • postgresql-server-0:7.4.30-3.el4
  • postgresql-tcl-0:7.4.30-3.el4
  • postgresql-test-0:7.4.30-3.el4
  • postgresql-0:8.4.9-1.el6_1.1
  • postgresql-contrib-0:8.4.9-1.el6_1.1
  • postgresql-devel-0:8.4.9-1.el6_1.1
  • postgresql-docs-0:8.4.9-1.el6_1.1
  • postgresql-libs-0:8.4.9-1.el6_1.1
  • postgresql-plperl-0:8.4.9-1.el6_1.1
  • postgresql-plpython-0:8.4.9-1.el6_1.1
  • postgresql-pltcl-0:8.4.9-1.el6_1.1
  • postgresql-server-0:8.4.9-1.el6_1.1
  • postgresql-test-0:8.4.9-1.el6_1.1
  • postgresql-0:8.1.23-1.el5_7.2
  • postgresql-contrib-0:8.1.23-1.el5_7.2
  • postgresql-devel-0:8.1.23-1.el5_7.2
  • postgresql-docs-0:8.1.23-1.el5_7.2
  • postgresql-libs-0:8.1.23-1.el5_7.2
  • postgresql-pl-0:8.1.23-1.el5_7.2
  • postgresql-python-0:8.1.23-1.el5_7.2
  • postgresql-server-0:8.1.23-1.el5_7.2
  • postgresql-tcl-0:8.1.23-1.el5_7.2
  • postgresql-test-0:8.1.23-1.el5_7.2
  • postgresql84-0:8.4.9-1.el5_7.1
  • postgresql84-contrib-0:8.4.9-1.el5_7.1
  • postgresql84-devel-0:8.4.9-1.el5_7.1
  • postgresql84-docs-0:8.4.9-1.el5_7.1
  • postgresql84-libs-0:8.4.9-1.el5_7.1
  • postgresql84-plperl-0:8.4.9-1.el5_7.1
  • postgresql84-plpython-0:8.4.9-1.el5_7.1
  • postgresql84-pltcl-0:8.4.9-1.el5_7.1
  • postgresql84-python-0:8.4.9-1.el5_7.1
  • postgresql84-server-0:8.4.9-1.el5_7.1
  • postgresql84-tcl-0:8.4.9-1.el5_7.1
  • postgresql84-test-0:8.4.9-1.el5_7.1
  • php-0:5.3.3-3.el6_1.3
  • php-bcmath-0:5.3.3-3.el6_1.3
  • php-cli-0:5.3.3-3.el6_1.3
  • php-common-0:5.3.3-3.el6_1.3
  • php-dba-0:5.3.3-3.el6_1.3
  • php-devel-0:5.3.3-3.el6_1.3
  • php-embedded-0:5.3.3-3.el6_1.3
  • php-enchant-0:5.3.3-3.el6_1.3
  • php-gd-0:5.3.3-3.el6_1.3
  • php-imap-0:5.3.3-3.el6_1.3
  • php-intl-0:5.3.3-3.el6_1.3
  • php-ldap-0:5.3.3-3.el6_1.3
  • php-mbstring-0:5.3.3-3.el6_1.3
  • php-mysql-0:5.3.3-3.el6_1.3
  • php-odbc-0:5.3.3-3.el6_1.3
  • php-pdo-0:5.3.3-3.el6_1.3
  • php-pgsql-0:5.3.3-3.el6_1.3
  • php-process-0:5.3.3-3.el6_1.3
  • php-pspell-0:5.3.3-3.el6_1.3
  • php-recode-0:5.3.3-3.el6_1.3
  • php-snmp-0:5.3.3-3.el6_1.3
  • php-soap-0:5.3.3-3.el6_1.3
  • php-tidy-0:5.3.3-3.el6_1.3
  • php-xml-0:5.3.3-3.el6_1.3
  • php-xmlrpc-0:5.3.3-3.el6_1.3
  • php-zts-0:5.3.3-3.el6_1.3
  • php53-0:5.3.3-1.el5_7.3
  • php53-bcmath-0:5.3.3-1.el5_7.3
  • php53-cli-0:5.3.3-1.el5_7.3
  • php53-common-0:5.3.3-1.el5_7.3
  • php53-dba-0:5.3.3-1.el5_7.3
  • php53-devel-0:5.3.3-1.el5_7.3
  • php53-gd-0:5.3.3-1.el5_7.3
  • php53-imap-0:5.3.3-1.el5_7.3
  • php53-intl-0:5.3.3-1.el5_7.3
  • php53-ldap-0:5.3.3-1.el5_7.3
  • php53-mbstring-0:5.3.3-1.el5_7.3
  • php53-mysql-0:5.3.3-1.el5_7.3
  • php53-odbc-0:5.3.3-1.el5_7.3
  • php53-pdo-0:5.3.3-1.el5_7.3
  • php53-pgsql-0:5.3.3-1.el5_7.3
  • php53-process-0:5.3.3-1.el5_7.3
  • php53-pspell-0:5.3.3-1.el5_7.3
  • php53-snmp-0:5.3.3-1.el5_7.3
  • php53-soap-0:5.3.3-1.el5_7.3
  • php53-xml-0:5.3.3-1.el5_7.3
  • php53-xmlrpc-0:5.3.3-1.el5_7.3
refmap via4
apple APPLE-SA-2012-02-01-1
bid 49241
confirm
debian
  • DSA-2340
  • DSA-2399
mandriva
  • MDVSA-2011:165
  • MDVSA-2011:178
  • MDVSA-2011:179
  • MDVSA-2011:180
misc http://freshmeat.net/projects/crypt_blowfish
suse SUSE-SA:2011:035
ubuntu USN-1229-1
xf php-cryptblowfish-info-disclosure(69319)
Last major update 07-12-2016 - 22:02
Published 25-08-2011 - 10:22
Last modified 28-08-2017 - 21:29