Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-2143

Disclosure Date: July 05, 2012
CVE-2012-2143
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2012-2143 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143)
Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
SECUNIA-50718 (http://secunia.com/advisories/50718)
FEDORA-2012-8924 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html)
FEDORA-2012-8893 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html)
https://bugzilla.redhat.com/show_bug.cgi?id=816956
http://www.postgresql.org/support/security
DSA-2491 (http://www.debian.org/security/2012/dsa-2491)
SECTRACK-1026995 (http://www.securitytracker.com/id?1026995)
http://git.php.net?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
http://git.postgresql.org/gitweb?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
APPLE-SA-2012-09-19-2 (http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html)
http://support.apple.com/kb/HT5501
http://rhn.redhat.com/errata/RHSA-2012-1037.html
FEDORA-2012-8915 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SECUNIA-49304 (http://secunia.com/advisories/49304)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Miscellaneous
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis