Executive Summary
Summary | |
---|---|
Title | PostgreSQL vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1229-1 | First vendor Publication | 2011-10-13 |
Vendor | Ubuntu | Last vendor Modification | 2011-10-13 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: PostgreSQL incorrectly handled blowfish passwords. Software Description: - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Details: It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.04: Ubuntu 10.10: Ubuntu 10.04 LTS: Ubuntu 8.04 LTS: In general, a standard system update will make all the necessary changes. References: Package Information: |
Original Source
Url : http://www.ubuntu.com/usn/USN-1229-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-310 | Cryptographic Issues |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18286 | |||
Oval ID: | oval:org.mitre.oval:def:18286 | ||
Title: | DSA-2340-1 postgresql - weak password hashing | ||
Description: | magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2340-1 CVE-2011-2483 | Version: | 7 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 5.0 | Product(s): | postgresql-8.4 postgresql-8.3 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20579 | |||
Oval ID: | oval:org.mitre.oval:def:20579 | ||
Title: | USN-1229-1 -- postgresql-8.3, postgresql-8.4 vulnerability | ||
Description: | PostgreSQL incorrectly handled blowfish passwords. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1229-1 CVE-2011-2483 | Version: | 5 |
Platform(s): | Ubuntu 11.04 Ubuntu 10.10 Ubuntu 10.04 Ubuntu 8.04 | Product(s): | postgresql-8.4 postgresql-8.3 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-10 | Name : Slackware Advisory SSA:2011-237-01 php File : nvt/esoft_slk_ssa_2011_237_01.nasl |
2012-07-30 | Name : CentOS Update for postgresql CESA-2011:1377 centos4 x86_64 File : nvt/gb_CESA-2011_1377_postgresql_centos4_x86_64.nasl |
2012-07-30 | Name : CentOS Update for postgresql CESA-2011:1377 centos5 x86_64 File : nvt/gb_CESA-2011_1377_postgresql_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 x86_64 File : nvt/gb_CESA-2011_1378_postgresql84_centos5_x86_64.nasl |
2012-07-30 | Name : CentOS Update for php53 CESA-2011:1423 centos5 x86_64 File : nvt/gb_CESA-2011_1423_php53_centos5_x86_64.nasl |
2012-04-02 | Name : Fedora Update for maniadrive FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_maniadrive_fc16.nasl |
2012-03-19 | Name : Fedora Update for php FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_php_fc16.nasl |
2012-03-19 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11464 File : nvt/gb_fedora_2011_11464_php-eaccelerator_fc16.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2399-2 (php5) File : nvt/deb_2399_2.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-22 (postgresql-server postgresql-base) File : nvt/glsa_201110_22.nasl |
2012-02-12 | Name : Gentoo Security Advisory GLSA 201110-06 (php) File : nvt/glsa_201110_06.nasl |
2012-02-12 | Name : Debian Security Advisory DSA 2399-1 (php5) File : nvt/deb_2399_1.nasl |
2012-02-06 | Name : Mac OS X Multiple Vulnerabilities (2012-001) File : nvt/gb_macosx_su12-001.nasl |
2011-12-23 | Name : Mandriva Update for php-suhosin MDVSA-2011:180 (php-suhosin) File : nvt/gb_mandriva_MDVSA_2011_180.nasl |
2011-11-28 | Name : Mandriva Update for glibc MDVSA-2011:178 (glibc) File : nvt/gb_mandriva_MDVSA_2011_178.nasl |
2011-11-11 | Name : CentOS Update for postgresql CESA-2011:1377 centos4 i386 File : nvt/gb_CESA-2011_1377_postgresql_centos4_i386.nasl |
2011-11-08 | Name : Mandriva Update for php MDVSA-2011:165 (php) File : nvt/gb_mandriva_MDVSA_2011_165.nasl |
2011-11-03 | Name : CentOS Update for php53 CESA-2011:1423 centos5 i386 File : nvt/gb_CESA-2011_1423_php53_centos5_i386.nasl |
2011-11-03 | Name : RedHat Update for php53 and php RHSA-2011:1423-01 File : nvt/gb_RHSA-2011_1423-01_php53_and_php.nasl |
2011-10-31 | Name : Mandriva Update for postgresql MDVSA-2011:161 (postgresql) File : nvt/gb_mandriva_MDVSA_2011_161.nasl |
2011-10-21 | Name : RedHat Update for postgresql RHSA-2011:1377-01 File : nvt/gb_RHSA-2011_1377-01_postgresql.nasl |
2011-10-21 | Name : Ubuntu Update for php5 USN-1231-1 File : nvt/gb_ubuntu_USN_1231_1.nasl |
2011-10-21 | Name : CentOS Update for postgresql CESA-2011:1377 centos5 i386 File : nvt/gb_CESA-2011_1377_postgresql_centos5_i386.nasl |
2011-10-21 | Name : CentOS Update for postgresql84 CESA-2011:1378 centos5 i386 File : nvt/gb_CESA-2011_1378_postgresql84_centos5_i386.nasl |
2011-10-21 | Name : RedHat Update for postgresql84 RHSA-2011:1378-01 File : nvt/gb_RHSA-2011_1378-01_postgresql84.nasl |
2011-10-14 | Name : Ubuntu Update for postgresql-8.4 USN-1229-1 File : nvt/gb_ubuntu_USN_1229_1.nasl |
2011-09-21 | Name : FreeBSD Ports: php5, php5-sockets File : nvt/freebsd_php513.nasl |
2011-09-20 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_php-eaccelerator_fc14.nasl |
2011-09-20 | Name : Fedora Update for php FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_php_fc14.nasl |
2011-09-20 | Name : Fedora Update for maniadrive FEDORA-2011-11537 File : nvt/gb_fedora_2011_11537_maniadrive_fc14.nasl |
2011-09-20 | Name : Fedora Update for php FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_php_fc15.nasl |
2011-09-20 | Name : Fedora Update for php-eaccelerator FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_php-eaccelerator_fc15.nasl |
2011-09-20 | Name : Fedora Update for maniadrive FEDORA-2011-11528 File : nvt/gb_fedora_2011_11528_maniadrive_fc15.nasl |
2011-09-07 | Name : PHP Multiple Vulnerabilities (Windows) - Sep 2011 File : nvt/gb_php_mult_vuln_win_sep11.nasl |
2011-08-29 | Name : PHP Versions Prior to 5.3.7 Multiple Security Vulnerabilities File : nvt/gb_php_49241.nasl |
2011-08-27 | Name : SuSE Update for glibc,pam-modules,libxcrypt,pwdutils SUSE-SA:2011:035 File : nvt/gb_suse_2011_035.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
74742 | PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-05-20 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2012-1336-1.nasl - Type : ACT_GATHER_INFO |
2014-10-12 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-7.nasl - Type : ACT_GATHER_INFO |
2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL13519.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_yast2-core-110822.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_man-pages-110823.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_glibc-110729.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_yast2-core-110822.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_man-pages-110823.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_glibc-110729.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_apache2-mod_php5-110907.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-849.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-214.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-07.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2011-12.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2012-10-15 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_postgresql-8311.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-179.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111102_php53_and_php_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111017_postgresql_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20111017_postgresql84_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-04-20 | Name : The remote web server is affected by multiple vulnerabilities. File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO |
2012-04-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-blowfish-7663.nasl - Type : ACT_GATHER_INFO |
2012-02-06 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_glibc-blowfish-110729.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes several security vuln... File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO |
2012-02-02 | Name : The remote host is missing a Mac OS X update that fixes multiple security vul... File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO |
2012-02-01 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2399.nasl - Type : ACT_GATHER_INFO |
2011-11-29 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-180.nasl - Type : ACT_GATHER_INFO |
2011-11-28 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-178.nasl - Type : ACT_GATHER_INFO |
2011-11-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2340.nasl - Type : ACT_GATHER_INFO |
2011-11-04 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-165.nasl - Type : ACT_GATHER_INFO |
2011-11-03 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2011-11-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1423.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-22.nasl - Type : ACT_GATHER_INFO |
2011-10-25 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-161.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1231-1.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2011-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1378.nasl - Type : ACT_GATHER_INFO |
2011-10-18 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-1377.nasl - Type : ACT_GATHER_INFO |
2011-10-14 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1229-1.nasl - Type : ACT_GATHER_INFO |
2011-10-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201110-06.nasl - Type : ACT_GATHER_INFO |
2011-09-19 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11537.nasl - Type : ACT_GATHER_INFO |
2011-09-19 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11528.nasl - Type : ACT_GATHER_INFO |
2011-09-12 | Name : The remote Fedora host is missing one or more security updates. File : fedora_2011-11464.nasl - Type : ACT_GATHER_INFO |
2011-09-01 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_yast2-core-110830.nasl - Type : ACT_GATHER_INFO |
2011-08-31 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_man-pages-110825.nasl - Type : ACT_GATHER_INFO |
2011-08-31 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libxcrypt-110824.nasl - Type : ACT_GATHER_INFO |
2011-08-26 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-237-01.nasl - Type : ACT_GATHER_INFO |
2011-08-22 | Name : The remote web server uses a version of PHP that is affected by multiple vuln... File : php_5_3_7.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_057bf770cac411e0aea300215c6a37bb.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_glibc-7659.nasl - Type : ACT_GATHER_INFO |
2011-08-20 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12813.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:59:05 |
|