~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2012-06-05
Candidate: CVE-2012-2143
PublicDate: 2012-07-05
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
 http://www.ubuntu.com/usn/usn-1461-1
 http://www.ubuntu.com/usn/usn-1481-1
Description:
 The crypt_des (aka DES-based crypt) function in FreeBSD before
 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not
 process the complete cleartext password if this password contains a 0x80
 character, which makes it easier for context-dependent attackers to obtain
 access via an authentication attempt with an initial substring of the
 intended password, as demonstrated by a Unicode password.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Rubin Xu and Joseph Bonneau
Assigned-to: mdeslaur

Patches_php5:
 upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34
upstream_php5: needs-triage
hardy_php5: not-affected (code not present)
lucid_php5: released (5.3.2-1ubuntu4.17)
maverick_php5: ignored (reached end-of-life)
natty_php5: released (5.3.5-1ubuntu7.10)
oneiric_php5: released (5.3.6-13ubuntu3.8)
precise_php5: released (5.3.10-1ubuntu3.2)
quantal_php5: not-affected (5.4.4-1ubuntu1)
raring_php5: not-affected (5.4.4-1ubuntu1)
devel_php5: not-affected (5.4.4-1ubuntu1)

Patches_postgresql-9.1:
upstream_postgresql-9.1: released (9.1.4)
hardy_postgresql-9.1: DNE
lucid_postgresql-9.1: DNE
natty_postgresql-9.1: DNE
oneiric_postgresql-9.1: released (9.1.4-0ubuntu11.10)
precise_postgresql-9.1: released (9.1.4-0ubuntu12.04)
quantal_postgresql-9.1: not-affected (9.1.4-1)
raring_postgresql-9.1: not-affected (9.1.4-1)
devel_postgresql-9.1: not-affected (9.1.4-1)

Patches_postgresql-8.4:
upstream_postgresql-8.4: released (8.4.12)
hardy_postgresql-8.4: DNE
lucid_postgresql-8.4: released (8.4.12-0ubuntu10.04)
natty_postgresql-8.4: released (8.4.12-0ubuntu11.04)
oneiric_postgresql-8.4: ignored (reached end-of-life)
precise_postgresql-8.4: released (8.4.17-0ubuntu12.04)
quantal_postgresql-8.4: DNE
raring_postgresql-8.4: DNE
devel_postgresql-8.4: DNE

Patches_postgresql-8.3:
upstream_postgresql-8.3: released (8.3.19)
hardy_postgresql-8.3: released (8.3.19-0ubuntu8.04)
lucid_postgresql-8.3: DNE
natty_postgresql-8.3: DNE
oneiric_postgresql-8.3: DNE
precise_postgresql-8.3: DNE
quantal_postgresql-8.3: DNE
raring_postgresql-8.3: DNE
devel_postgresql-8.3: DNE

Patches_postgresql-8.2:
upstream_postgresql-8.2: needs-triage
hardy_postgresql-8.2: ignored (reached end-of-life)
lucid_postgresql-8.2: DNE
natty_postgresql-8.2: DNE
oneiric_postgresql-8.2: DNE
precise_postgresql-8.2: DNE
quantal_postgresql-8.2: DNE
raring_postgresql-8.2: DNE
devel_postgresql-8.2: DNE