Amazon Linux AMI: Security patch for postgresql9 (ALAS-2012-91) (CVE-2012-2143)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | July 05, 2012 | February 28, 2014 | July 04, 2017 |
Description
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
Free Nexpose Download
Discover, prioritize, and remediate security risks today!
References
Solution
amazon-linux-upgrade-postgresql9Related Vulnerabilities
- ELSA-2012-1037 Moderate: Oracle Linux postgresql and postgresql84 security update
- RHSA-2012:1036: postgresql security update
- USN-1461-1: PostgreSQL vulnerabilities
- OS X update for PHP (CVE-2012-2143)
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 source code patch
- DSA-2491-1 postgresql-8.4 -- several vulnerabilities
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 documentation patch
- SUSE Linux Security Vulnerability: CVE-2012-2143
- Vulnerabilities deemed not relevant on Red Hat Enterprise Linux 5
- RHSA-2012:1037: postgresql and postgresql84 security update
- Amazon Linux AMI: Security patch for php (ALAS-2012-95) (multiple CVEs)
- PostgreSQL class C vulnerability in contrib module: CVE-2012-2143
- PHP Vulnerability: CVE-2012-2143
- FreeBSD: FreeBSD -- Incorrect crypt() hashing (FreeBSD-SA-12:02.crypt) (CVE-2012-2143)
- Gentoo Linux: CVE-2012-2143: PHP: Multiple vulnerabilities
- RHSA-2012:1046: php security update
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 source code patch
- USN-1481-1: PHP vulnerabilities
- ELSA-2012-1036 Moderate: Oracle Linux postgresql security update
- OS X update for Note (CVE-2012-2143)
- Sun Patch: SunOS 5.10_x86: PostgreSQL 8.3 core patch
- RHSA-2012:1047: php53 security update
- Alpine Linux: CVE-2012-2143: Multiple vulnerabilities in postgresql < 9.0.8 may allow remote code execution
- ELSA-2012-1263 Moderate: Oracle Linux postgresql and postgresql84 security update
- FreeBSD: databases/postgresql*-server -- crypt vulnerabilities (CVE-2012-2143)
- Amazon Linux AMI: Security patch for postgresql8 (ALAS-2012-94) (multiple CVEs)
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 documentation patch
- ELSA-2012-1046 Moderate: Oracle Linux php security update
- ELSA-2012-1047 Moderate: Oracle Linux php53 security update
- Sun Patch: SunOS 5.10: PostgreSQL 8.3 core patch