CVE-2006-0591 - The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password h

CVE-2006-0591

Summary

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. This vulnerability may only be exploited in conjunction with another vulnerability. The password file (normally shadowed) must first be stolen.

References

Vulnerable Configurations

cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.7:*:*:*:*:*:*:*

CVSS

Base:	1.2 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
LOCAL	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:H/Au:N/C:P/I:N/A:N

oval via4

accepted

2013-04-29T04:14:28.194-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:11502

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

redhat via4

advisories

rhsa

id	RHSA-2006:0526

rpms

postgresql-0:7.4.13-2.RHEL4.1
postgresql-contrib-0:7.4.13-2.RHEL4.1
postgresql-debuginfo-0:7.4.13-2.RHEL4.1
postgresql-devel-0:7.4.13-2.RHEL4.1
postgresql-docs-0:7.4.13-2.RHEL4.1
postgresql-jdbc-0:7.4.13-2.RHEL4.1
postgresql-libs-0:7.4.13-2.RHEL4.1
postgresql-pl-0:7.4.13-2.RHEL4.1
postgresql-python-0:7.4.13-2.RHEL4.1
postgresql-server-0:7.4.13-2.RHEL4.1
postgresql-tcl-0:7.4.13-2.RHEL4.1
postgresql-test-0:7.4.13-2.RHEL4.1
rh-postgresql-0:7.3.15-2
rh-postgresql-contrib-0:7.3.15-2
rh-postgresql-debuginfo-0:7.3.15-2
rh-postgresql-devel-0:7.3.15-2
rh-postgresql-docs-0:7.3.15-2
rh-postgresql-jdbc-0:7.3.15-2
rh-postgresql-libs-0:7.3.15-2
rh-postgresql-pl-0:7.3.15-2
rh-postgresql-python-0:7.3.15-2
rh-postgresql-server-0:7.3.15-2
rh-postgresql-tcl-0:7.3.15-2
rh-postgresql-test-0:7.3.15-2

refmap via4

bugtraq	20060207 crypt_blowfish 1.0
confirm	http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
misc	http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_gensalt.c?only_with_tag=CRYPT_BLOWFISH_1_0
osvdb	23005
secunia	18772 20232 20653 20782
sgi	20060602-01-U
vupen	ADV-2006-0477
xf	cryptblowfish-salt-information-disclosure(24590)

Last major update

19-10-2018 - 15:45

Published

08-02-2006 - 01:02

Last modified

19-10-2018 - 15:45