CVE-2012-2143

Severity

43%

Complexity

86%

Confidentiality

48%

As per: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 and http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=aab49e934de1fff046e659cbec46e3d053b41c34 PHP 5.3.13 and earlier are vulnerable.

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

As per: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 and http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=aab49e934de1fff046e659cbec46e3d053b41c34 PHP 5.3.13 and earlier are vulnerable.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 12 years ago

2012-07-05 14:55:00

Last updated 8 years ago

2016-12-08 03:02:00

Affected Software

PostgreSQL 8.3

8.3

PostgreSQL 8.4

8.4

PostgreSQL 9.0

9.0

PostgreSQL 9.1

9.1

FreeBSD 1.0

1.0

FreeBSD 1.1

1.1

FreeBSD 1.1.5

1.1.5

FreeBSD 1.1.5.1

1.1.5.1

FreeBSD 2.0

2.0

FreeBSD 2.0.5

2.0.5

FreeBSD 2.1

2.1

FreeBSD 2.1.5

2.1.5

FreeBSD 2.1.6

2.1.6

FreeBSD 2.1.7

2.1.7

FreeBSD 2.2

2.2

FreeBSD 2.2.1

2.2.1

FreeBSD 2.2.2

2.2.2

FreeBSD 2.2.5

2.2.5

FreeBSD 2.2.6

2.2.6

FreeBSD 2.2.7

2.2.7

FreeBSD 2.2.8

2.2.8

FreeBSD 3.0

3.0

FreeBSD 3.1

3.1

FreeBSD 3.2

3.2

FreeBSD 3.3

3.3

FreeBSD 3.4

3.4

FreeBSD 3.5

3.5

FreeBSD 4.0

4.0

FreeBSD 4.1

4.1

FreeBSD 4.1.1

4.1.1

FreeBSD 4.2

4.2

FreeBSD 4.3

4.3

FreeBSD 4.4

4.4

FreeBSD 4.5

4.5

FreeBSD 4.6

4.6

FreeBSD 4.6.2

4.6.2

FreeBSD 4.7

4.7

FreeBSD 4.8

4.8

FreeBSD 4.9

4.9

FreeBSD 4.10

4.10

FreeBSD 4.11

4.11

FreeBSD 5.0

5.0

FreeBSD 5.1

5.1

FreeBSD 5.2

5.2

FreeBSD 5.2.1

5.2.1

FreeBSD 5.3

5.3

FreeBSD 5.4

5.4

FreeBSD 5.5

5.5

FreeBSD 6.0

6.0

FreeBSD 6.1

6.1

FreeBSD 6.2

6.2

FreeBSD 6.3

6.3

FreeBSD 6.4

6.4

FreeBSD 7.0

7.0

FreeBSD 7.1

7.1

FreeBSD 7.2

7.2

FreeBSD 7.3

7.3

FreeBSD 7.4

7.4

FreeBSD 8.0

8.0

FreeBSD 8.1

8.1

FreeBSD 8.2

8.2

FreeBSD 8.3

8.3

FreeBSD

PHP PHP_FI 1.0

1.0

PHP PHP_FI 2.0

2.0

PHP PHP_FI 2.0b10

2.0b10

PHP PHP 3.0

3.0

PHP PHP 3.0.1

3.0.1

PHP PHP 3.0.2

3.0.2

PHP PHP 3.0.3

3.0.3

PHP PHP 3.0.4

3.0.4

PHP PHP 3.0.5

3.0.5

PHP PHP 3.0.6

3.0.6

PHP PHP 3.0.7

3.0.7

PHP PHP 3.0.8

3.0.8

PHP PHP 3.0.9

3.0.9

PHP PHP 3.0.10

3.0.10

PHP PHP 3.0.11

3.0.11

PHP PHP 3.0.12

3.0.12

PHP PHP 3.0.13

3.0.13

PHP PHP 3.0.14

3.0.14

PHP PHP 3.0.15

3.0.15

PHP PHP 3.0.16

3.0.16

PHP PHP 3.0.17

3.0.17

PHP PHP 3.0.18

3.0.18

PHP PHP 4.0 Beta 1

4.0

PHP PHP 4.0 Beta 2

4.0

PHP PHP 4.0 Beta 3

4.0

PHP PHP 4.0 Beta 4

4.0

PHP PHP 4.0 Beta 4 Patch Level 1

4.0

PHP PHP 4.0.0

4.0.0

PHP PHP 4.0.1

4.0.1

PHP PHP 4.0.2

4.0.2

PHP PHP 4.0.3

4.0.3

PHP PHP 4.0.4

4.0.4

PHP PHP 4.0.5

4.0.5

PHP PHP 4.0.6

4.0.6

PHP PHP 4.0.7

4.0.7

PHP PHP 4.1.0

4.1.0

PHP PHP 4.1.1

4.1.1

PHP PHP 4.1.2

4.1.2

PHP PHP 4.2.0

4.2.0

PHP PHP 4.2.1

4.2.1

PHP PHP 4.2.2

4.2.2

PHP PHP 4.2.3

4.2.3

PHP PHP 4.3.0

4.3.0

PHP PHP 4.3.1

4.3.1

PHP PHP 4.3.2

4.3.2

PHP PHP 4.3.3

4.3.3

PHP PHP 4.3.4

4.3.4

PHP PHP 4.3.5

4.3.5

PHP PHP 4.3.6

4.3.6

PHP PHP 4.3.7

4.3.7

PHP PHP 4.3.8

4.3.8

PHP PHP 4.3.9

4.3.9

PHP PHP 4.3.10

4.3.10

PHP PHP 4.3.11

4.3.11

PHP PHP 4.4.0

4.4.0

PHP PHP 4.4.1

4.4.1

PHP PHP 4.4.2

4.4.2

PHP PHP 4.4.3

4.4.3

PHP PHP 4.4.4

4.4.4

PHP PHP 4.4.5

4.4.5

PHP PHP 4.4.6

4.4.6

PHP PHP 4.4.7

4.4.7

PHP 4.4.8

4.4.8

PHP 4.4.9

4.4.9

PHP PHP 5.0.0

5.0.0

PHP PHP 5.0.0 Beta1

5.0.0

PHP PHP 5.0.0 Beta2

5.0.0

PHP PHP 5.0.0 Beta3

5.0.0

PHP PHP 5.0.0 Beta4

5.0.0

PHP PHP 5.0.0 RC1

5.0.0

PHP PHP 5.0.0 RC2

5.0.0

PHP PHP 5.0.0 RC3

5.0.0

PHP PHP 5.0.1

5.0.1

PHP PHP 5.0.2

5.0.2

PHP PHP 5.0.3

5.0.3

PHP PHP 5.0.4

5.0.4

PHP PHP 5.0.5

5.0.5

PHP PHP 5.1.0

5.1.0

PHP PHP 5.1.1

5.1.1

PHP PHP 5.1.2

5.1.2

PHP PHP 5.1.3

5.1.3

PHP 5.1.4

5.1.4

PHP PHP 5.1.5

5.1.5

PHP PHP 5.1.6

5.1.6

PHP 5.2.0

5.2.0

PHP 5.2.1

5.2.1

PHP 5.2.2

5.2.2

PHP 5.2.3

5.2.3

PHP 5.2.4

5.2.4

PHP 5.2.5

5.2.5

PHP 5.2.6

5.2.6

PHP 5.2.7

5.2.7

PHP 5.2.8

5.2.8

PHP 5.2.9

5.2.9

PHP 5.2.10

5.2.10

PHP 5.2.11

5.2.11

PHP 5.2.12

5.2.12

PHP 5.2.13

5.2.13

PHP 5.2.14

5.2.14

PHP 5.2.15

5.2.15

PHP 5.2.16

5.2.16

PHP 5.2.17

5.2.17

PHP 5.3.0

5.3.0

PHP 5.3.1

5.3.1

PHP 5.3.2

5.3.2

PHP 5.3.3

5.3.3

PHP 5.3.4

5.3.4

PHP 5.3.5

5.3.5

PHP 5.3.6

5.3.6

PHP 5.3.7

5.3.7

PHP 5.3.8

5.3.8

PHP 5.3.9

5.3.9

PHP 5.3.10

5.3.10

PHP 5.3.11

5.3.11

PHP 5.3.12

5.3.12

PHP PHP

References

http://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34

http://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9

Vendor Advisory

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

APPLE-SA-2012-09-19-2

FEDORA-2012-8893

FEDORA-2012-8924

FEDORA-2012-8915

SUSE-SU-2012:0840

openSUSE-SU-2012:1251

openSUSE-SU-2012:1288

openSUSE-SU-2012:1299

RHSA-2012:1037

49304

Vendor Advisory

50718

Vendor Advisory

FreeBSD-SA-12:02

Vendor Advisory

http://support.apple.com/kb/HT5501

DSA-2491

MDVSA-2012:092

http://www.postgresql.org/docs/8.3/static/release-8-3-19.html

Vendor Advisory

http://www.postgresql.org/docs/8.4/static/release-8-4-12.html

Vendor Advisory

http://www.postgresql.org/docs/9.0/static/release-9-0-8.html

Vendor Advisory

http://www.postgresql.org/docs/9.1/static/release-9-1-4.html

Vendor Advisory

http://www.postgresql.org/support/security/

Vendor Advisory

1026995

https://bugzilla.redhat.com/show_bug.cgi?id=816956

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.