Executive Summary

Informations
NameCVE-2012-2143First vendor Publication2012-07-05
VendorCveLast vendor Modification2016-12-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

CWE : Common Weakness Enumeration

%idName
100 %CWE-310Cryptographic Issues

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21377
 
Oval ID: oval:org.mitre.oval:def:21377
Title: RHSA-2012:1036: postgresql security update (Moderate)
Description: The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Family: unix Class: patch
Reference(s): RHSA-2012:1036-00
CESA-2012:1036
CVE-2012-2143
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23044
 
Oval ID: oval:org.mitre.oval:def:23044
Title: ELSA-2012:1036: postgresql security update (Moderate)
Description: The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Family: unix Class: patch
Reference(s): ELSA-2012:1036-00
CVE-2012-2143
Version: 6
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27122
 
Oval ID: oval:org.mitre.oval:def:27122
Title: DEPRECATED: ELSA-2012-1036 -- postgresql security update (moderate)
Description: [8.1.23-5] - Back-port upstream fix for CVE-2012-2143 Resolves: #830721
Family: unix Class: patch
Reference(s): ELSA-2012-1036
CVE-2012-2143
Version: 4
Platform(s): Oracle Linux 5
Product(s): postgresql
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application390
Application4
Os652

OpenVAS Exploits

DateDescription
2012-10-03Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-09-26Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-8924
File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12165
File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for maniadrive FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_php_fc17.nasl
2012-08-10Name : Debian Security Advisory DSA 2491-1 (postgresql-8.4)
File : nvt/deb_2491_1.nasl
2012-08-10Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD18.nasl
2012-08-06Name : Fedora Update for php FEDORA-2012-10908
File : nvt/gb_fedora_2012_10908_php_fc16.nasl
2012-08-03Name : Mandriva Update for postgresql MDVSA-2012:092 (postgresql)
File : nvt/gb_mandriva_MDVSA_2012_092.nasl
2012-08-03Name : Mandriva Update for php MDVSA-2012:093 (php)
File : nvt/gb_mandriva_MDVSA_2012_093.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:1036 centos5
File : nvt/gb_CESA-2012_1036_postgresql_centos5.nasl
2012-07-30Name : CentOS Update for postgresql84 CESA-2012:1037 centos5
File : nvt/gb_CESA-2012_1037_postgresql84_centos5.nasl
2012-07-30Name : CentOS Update for postgresql CESA-2012:1037 centos6
File : nvt/gb_CESA-2012_1037_postgresql_centos6.nasl
2012-07-30Name : CentOS Update for php CESA-2012:1046 centos6
File : nvt/gb_CESA-2012_1046_php_centos6.nasl
2012-07-30Name : CentOS Update for php53 CESA-2012:1047 centos5
File : nvt/gb_CESA-2012_1047_php53_centos5.nasl
2012-07-03Name : Fedora Update for maniadrive FEDORA-2012-9762
File : nvt/gb_fedora_2012_9762_maniadrive_fc16.nasl
2012-07-03Name : Fedora Update for php-eaccelerator FEDORA-2012-9762
File : nvt/gb_fedora_2012_9762_php-eaccelerator_fc16.nasl
2012-07-03Name : Fedora Update for php FEDORA-2012-9762
File : nvt/gb_fedora_2012_9762_php_fc16.nasl
2012-06-28Name : RedHat Update for postgresql RHSA-2012:1036-01
File : nvt/gb_RHSA-2012_1036-01_postgresql.nasl
2012-06-28Name : RedHat Update for postgresql and postgresql84 RHSA-2012:1037-01
File : nvt/gb_RHSA-2012_1037-01_postgresql_and_postgresql84.nasl
2012-06-28Name : RedHat Update for php RHSA-2012:1046-01
File : nvt/gb_RHSA-2012_1046-01_php.nasl
2012-06-28Name : RedHat Update for php53 RHSA-2012:1047-01
File : nvt/gb_RHSA-2012_1047-01_php53.nasl
2012-06-22Name : Ubuntu Update for php5 USN-1481-1
File : nvt/gb_ubuntu_USN_1481_1.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8893
File : nvt/gb_fedora_2012_8893_postgresql_fc16.nasl
2012-06-19Name : Fedora Update for postgresql FEDORA-2012-8915
File : nvt/gb_fedora_2012_8915_postgresql_fc15.nasl
2012-06-08Name : Ubuntu Update for postgresql-9.1 USN-1461-1
File : nvt/gb_ubuntu_USN_1461_1.nasl
2012-05-31Name : FreeBSD Ports: postgresql-server
File : nvt/freebsd_postgresql-server1.nasl

Snort® IPS/IDS

DateDescription
2014-01-10PHP truncated crypt function attempt
RuleID : 23896 - Revision : 4 - Type : SERVER-WEBAPP
2014-01-10PHP truncated crypt function attempt
RuleID : 23895 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10truncated crypt function attempt
RuleID : 23894 - Revision : 7 - Type : SERVER-WEBAPP

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-650.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-667.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-675.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-365.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-91.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-94.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2012-95.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1036.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1037.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-06-29Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-mod_php53-120618.nasl - Type : ACT_GATHER_INFO
2013-01-25Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_postgresql-120820.nasl - Type : ACT_GATHER_INFO
2012-12-28Name : The remote database server is affected by multiple vulnerabilities.
File : postgresql_20120604.nasl - Type : ACT_GATHER_INFO
2012-09-29Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-24.nasl - Type : ACT_GATHER_INFO
2012-09-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-03.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_7_5.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_2.nasl - Type : ACT_GATHER_INFO
2012-09-20Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-004.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120625_postgresql_and_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120625_postgresql_and_postgresql84_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120625_postgresql_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php53_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120627_php_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-11Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-07-03Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-9762.nasl - Type : ACT_GATHER_INFO
2012-07-01Name : The remote Fedora host is missing one or more security updates.
File : fedora_2012-9490.nasl - Type : ACT_GATHER_INFO
2012-06-29Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2491.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_185ff22ec06611e1b5e0000c299b62e1.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1046.nasl - Type : ACT_GATHER_INFO
2012-06-28Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1047.nasl - Type : ACT_GATHER_INFO
2012-06-27Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1037.nasl - Type : ACT_GATHER_INFO
2012-06-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1036.nasl - Type : ACT_GATHER_INFO
2012-06-26Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-1037.nasl - Type : ACT_GATHER_INFO
2012-06-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-1036.nasl - Type : ACT_GATHER_INFO
2012-06-20Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1481-1.nasl - Type : ACT_GATHER_INFO
2012-06-18Name : The remote Fedora host is missing a security update.
File : fedora_2012-8893.nasl - Type : ACT_GATHER_INFO
2012-06-18Name : The remote Fedora host is missing a security update.
File : fedora_2012-8915.nasl - Type : ACT_GATHER_INFO
2012-06-18Name : The remote Fedora host is missing a security update.
File : fedora_2012-8924.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_3_14.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-092.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-093.nasl - Type : ACT_GATHER_INFO
2012-06-15Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_4.nasl - Type : ACT_GATHER_INFO
2012-06-06Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1461-1.nasl - Type : ACT_GATHER_INFO
2012-05-31Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_a8864f8faa9e11e1a2840023ae8e59f0.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
CONFIRM http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d0...
http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2...
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://support.apple.com/kb/HT5501
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
http://www.postgresql.org/support/security/
https://bugzilla.redhat.com/show_bug.cgi?id=816956
DEBIAN http://www.debian.org/security/2012/dsa-2491
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
FREEBSD http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
REDHAT http://rhn.redhat.com/errata/RHSA-2012-1037.html
SECTRACK http://www.securitytracker.com/id?1026995
SUSE http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DateInformations
2019-06-08 12:04:39
  • Multiple Updates
2019-03-22 12:04:17
  • Multiple Updates
2019-03-20 12:04:33
  • Multiple Updates
2019-03-19 12:04:58
  • Multiple Updates
2018-10-03 12:02:52
  • Multiple Updates
2017-08-03 12:00:49
  • Multiple Updates
2017-02-24 12:00:53
  • Multiple Updates
2016-12-08 09:23:25
  • Multiple Updates
2016-10-06 12:01:33
  • Multiple Updates
2016-06-28 19:07:39
  • Multiple Updates
2016-04-26 21:46:47
  • Multiple Updates
2014-06-14 13:32:52
  • Multiple Updates
2014-02-17 11:09:58
  • Multiple Updates
2014-01-19 21:28:42
  • Multiple Updates
2013-06-10 17:20:16
  • Multiple Updates
2013-06-07 00:18:48
  • Multiple Updates
2013-05-10 22:38:30
  • Multiple Updates
2013-04-19 13:20:10
  • Multiple Updates