CVE-2012-2143

Published: 05 June 2012

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Priority

Medium

Status

Package | Release | Status
php5 | Upstream | Needs triage
postgresql-8.2 | Upstream | Needs triage
postgresql-8.3 | Upstream | Released (8.3.19)
postgresql-8.4 | Upstream | Released (8.4.12)
postgresql-9.1 | Upstream | Released (9.1.4)

Patches (php5):
Upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34