Vulnerability-Lookup

BDU:2022-02629

Vulnerability from fstec - Published: 05.07.2012

Title

Уязвимость функции crypt_des операционной системы FreeBSD, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость функции crypt_des системы управления базами данных PostgreSQL, операционной системы FreeBSD, интерпретатора языка программирования PHP связана с ошибками при обработке полного открытого текстового пароля, если этот пароль содержит символ 0x80. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, повысить свои привилегии

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Vendor

Red Hat Inc., Canonical Ltd., Novell Inc., Сообщество свободного программного обеспечения, PostgreSQL Global Development Group, PHP Group

Software Name

Red Hat Enterprise Linux, Ubuntu, OpenSUSE Leap, Debian GNU/Linux, PostgreSQL, PHP

Software Version

5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.3 (PostgreSQL), 8.4 (PostgreSQL), 9.0 (PostgreSQL), 9.1 (PostgreSQL), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP)

Possible Mitigations

Использование рекомендаций Для FreeBSD: http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2012-2143 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2143.xml Для Ubuntu: https://ubuntu.com/security/CVE-2012-2143 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2012-2143 Для PostgreSQL: https://www.postgresql.org/docs/9.1/release-9-1-4.html https://www.postgresql.org/docs/9.0/release-9-0-8.html https://www.postgresql.org/docs/8.4/release-8-4-12.html https://www.postgresql.org/docs/8.3/release-8-3-19.html Для PHP: http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34

Reference

http://www.postgresql.org/support/security/ http://www.postgresql.org/docs/9.1/static/release-9-1-4.html http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9 http://www.postgresql.org/docs/8.3/static/release-8-3-19.html http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34 https://bugzilla.redhat.com/show_bug.cgi?id=816956 http://www.postgresql.org/docs/8.4/static/release-8-4-12.html http://www.postgresql.org/docs/9.0/static/release-9-0-8.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:092 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html http://www.debian.org/security/2012/dsa-2491 http://rhn.redhat.com/errata/RHSA-2012-1037.html http://www.securitytracker.com/id?1026995 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://support.apple.com/kb/HT5501 http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html http://secunia.com/advisories/49304 http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html http://secunia.com/advisories/50718 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

CWE

CWE-310

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, PostgreSQL Global Development Group, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "5 (Red Hat Enterprise Linux), 6 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.0 (OpenSUSE Leap), 11.10 (Ubuntu), 11.04 (Ubuntu), 6 (Debian GNU/Linux), 10.04 (Ubuntu), 8.3 (PostgreSQL), 8.4 (PostgreSQL), 9.0 (PostgreSQL), 9.1 (PostgreSQL), 8.04 (Ubuntu), 5.3.6 (PHP), 5.3.5 (PHP), 5.2.10 (PHP), 5.2.13 (PHP), 5.2.4 (PHP), 5.2.3 (PHP), 5.1.1 (PHP), 5.1.0 (PHP), 5.1.6 (PHP), 5.0.0beta4 (PHP), 5.0.0beta3 (PHP), 5.0.0beta1 (PHP), 4.3.10 (PHP), 4.3.6 (PHP), 4.3.5 (PHP), 4.3.7 (PHP), 4.1.2 (PHP), 4.1.1 (PHP), 4.4.9 (PHP), 4.4.1 (PHP), 4.0beta 4 patch1 (PHP), 4.0beta3 (PHP), 4.0.7 (PHP), 3.0.11 (PHP), 3.0.18 (PHP), 3.0.4 (PHP), 3.0.8 (PHP), 3.0.5 (PHP), 5.3.11 (PHP), 5.3.4 (PHP), 5.3.9 (PHP), 5.3.2 (PHP), 5.3.10 (PHP), 5.2.5 (PHP), 5.2.11 (PHP), 5.2.14 (PHP), 5.2.1 (PHP), 5.1.4 (PHP), 5.1.5 (PHP), 5.0.0beta2 (PHP), 5.0.2 (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\n\u0414\u043b\u044f FreeBSD:\nhttp://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2012-2143\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2143.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2012-2143\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2012-2143\n\n\u0414\u043b\u044f PostgreSQL:\nhttps://www.postgresql.org/docs/9.1/release-9-1-4.html\nhttps://www.postgresql.org/docs/9.0/release-9-0-8.html\nhttps://www.postgresql.org/docs/8.4/release-8-4-12.html\nhttps://www.postgresql.org/docs/8.3/release-8-3-19.html\n\n\u0414\u043b\u044f PHP:\nhttp://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.07.2012",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02629",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2012-2143",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, OpenSUSE Leap, Debian GNU/Linux, PostgreSQL, PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 5 , Red Hat Inc. Red Hat Enterprise Linux 6 , Canonical Ltd. Ubuntu 12.04 , Novell Inc. OpenSUSE Leap 15.0 , Canonical Ltd. Ubuntu 11.10 , Canonical Ltd. Ubuntu 11.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 , Canonical Ltd. Ubuntu 10.04 , Canonical Ltd. Ubuntu 8.04 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 crypt_des \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b FreeBSD, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 (CWE-310)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 crypt_des \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0430\u0437\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 PostgreSQL, \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b FreeBSD, \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u043e\u043b\u043d\u043e\u0433\u043e \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u043f\u0430\u0440\u043e\u043b\u044f, \u0435\u0441\u043b\u0438 \u044d\u0442\u043e\u0442 \u043f\u0430\u0440\u043e\u043b\u044c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 \u0441\u0438\u043c\u0432\u043e\u043b 0x80. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0412\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u043d\u044b\u0435 \u043c\u0435\u0442\u043e\u0434\u044b",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.postgresql.org/support/security/\nhttp://www.postgresql.org/docs/9.1/static/release-9-1-4.html\nhttp://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9\nhttp://www.postgresql.org/docs/8.3/static/release-8-3-19.html\nhttp://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc\nhttp://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34\nhttps://bugzilla.redhat.com/show_bug.cgi?id=816956\nhttp://www.postgresql.org/docs/8.4/static/release-8-4-12.html\nhttp://www.postgresql.org/docs/9.0/static/release-9-0-8.html\nhttp://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html\nhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:092\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html\nhttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html\nhttp://www.debian.org/security/2012/dsa-2491\nhttp://rhn.redhat.com/errata/RHSA-2012-1037.html\nhttp://www.securitytracker.com/id?1026995\nhttp://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html\nhttp://support.apple.com/kb/HT5501\nhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html\nhttp://secunia.com/advisories/49304\nhttp://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html\nhttp://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html\nhttp://secunia.com/advisories/50718\nhttp://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0423\u0411\u0414, \u041f\u041e \u0434\u043b\u044f \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u0418\u0418, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-310",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)"
}

CVE-2012-2143 (GCVE-0-2012-2143)

Vulnerability from cvelistv5 – Published: 2012-07-05 14:00 – Updated: 2024-08-06 19:26

Summary

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.postgresql.org/docs/9.1/static/release…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://security.freebsd.org/advisories/FreeBSD-SA…	vendor-advisoryx_refsource_FREEBSD
	http://secunia.com/advisories/50718	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://bugzilla.redhat.com/show_bug.cgi?id=816956	x_refsource_CONFIRM
	http://www.postgresql.org/support/security/	x_refsource_CONFIRM
	http://www.debian.org/security/2012/dsa-2491	vendor-advisoryx_refsource_DEBIAN
	http://www.securitytracker.com/id?1026995	vdb-entryx_refsource_SECTRACK
	http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=…	x_refsource_CONFIRM
	http://www.postgresql.org/docs/8.3/static/release…	x_refsource_CONFIRM
	http://www.postgresql.org/docs/8.4/static/release…	x_refsource_CONFIRM
	http://git.postgresql.org/gitweb/?p=postgresql.gi…	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT5501	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2012-1037.html	vendor-advisoryx_refsource_REDHAT
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
	http://www.postgresql.org/docs/9.0/static/release…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2012-0…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2012-1…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/49304	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2012-1…	vendor-advisoryx_refsource_SUSE

Date Public ?

2012-05-30 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:26:08.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
          },
          {
            "name": "SUSE-SU-2012:0840",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
          },
          {
            "name": "FreeBSD-SA-12:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
          },
          {
            "name": "50718",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50718"
          },
          {
            "name": "FEDORA-2012-8924",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
          },
          {
            "name": "FEDORA-2012-8893",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/support/security/"
          },
          {
            "name": "DSA-2491",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2491"
          },
          {
            "name": "1026995",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026995"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
          },
          {
            "name": "APPLE-SA-2012-09-19-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5501"
          },
          {
            "name": "RHSA-2012:1037",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
          },
          {
            "name": "FEDORA-2012-8915",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
          },
          {
            "name": "MDVSA-2012:092",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
          },
          {
            "name": "openSUSE-SU-2012:1251",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
          },
          {
            "name": "openSUSE-SU-2012:1288",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
          },
          {
            "name": "49304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49304"
          },
          {
            "name": "openSUSE-SU-2012:1299",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
        },
        {
          "name": "SUSE-SU-2012:0840",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
        },
        {
          "name": "FreeBSD-SA-12:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
        },
        {
          "name": "50718",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50718"
        },
        {
          "name": "FEDORA-2012-8924",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
        },
        {
          "name": "FEDORA-2012-8893",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/support/security/"
        },
        {
          "name": "DSA-2491",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2491"
        },
        {
          "name": "1026995",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026995"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=aab49e934de1fff046e659cbec46e3d053b41c34"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
        },
        {
          "name": "APPLE-SA-2012-09-19-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5501"
        },
        {
          "name": "RHSA-2012:1037",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
        },
        {
          "name": "FEDORA-2012-8915",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
        },
        {
          "name": "MDVSA-2012:092",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
        },
        {
          "name": "openSUSE-SU-2012:1251",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
        },
        {
          "name": "openSUSE-SU-2012:1288",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
        },
        {
          "name": "49304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49304"
        },
        {
          "name": "openSUSE-SU-2012:1299",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-2143",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.1/static/release-9-1-4.html"
            },
            {
              "name": "SUSE-SU-2012:0840",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
            },
            {
              "name": "FreeBSD-SA-12:02",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc"
            },
            {
              "name": "50718",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50718"
            },
            {
              "name": "FEDORA-2012-8924",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
            },
            {
              "name": "FEDORA-2012-8893",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=816956",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=816956"
            },
            {
              "name": "http://www.postgresql.org/support/security/",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/support/security/"
            },
            {
              "name": "DSA-2491",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2491"
            },
            {
              "name": "1026995",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026995"
            },
            {
              "name": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34",
              "refsource": "CONFIRM",
              "url": "http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34"
            },
            {
              "name": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/8.3/static/release-8-3-19.html"
            },
            {
              "name": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/8.4/static/release-8-4-12.html"
            },
            {
              "name": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9",
              "refsource": "CONFIRM",
              "url": "http://git.postgresql.org/gitweb/?p=postgresql.git\u0026a=commit\u0026h=932ded2ed51e8333852e370c7a6dad75d9f236f9"
            },
            {
              "name": "APPLE-SA-2012-09-19-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT5501",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5501"
            },
            {
              "name": "RHSA-2012:1037",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
            },
            {
              "name": "FEDORA-2012-8915",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
            },
            {
              "name": "MDVSA-2012:092",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705"
            },
            {
              "name": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html",
              "refsource": "CONFIRM",
              "url": "http://www.postgresql.org/docs/9.0/static/release-9-0-8.html"
            },
            {
              "name": "openSUSE-SU-2012:1251",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
            },
            {
              "name": "openSUSE-SU-2012:1288",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
            },
            {
              "name": "49304",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49304"
            },
            {
              "name": "openSUSE-SU-2012:1299",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-2143",
    "datePublished": "2012-07-05T14:00:00.000Z",
    "dateReserved": "2012-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:26:08.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2022-02629

CVE-2012-2143 (GCVE-0-2012-2143)

Tags

Sightings

Nomenclature