Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-2143

Disclosure Date: July 05, 2012
CVE-2012-2143
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • freebsd,
  • php,
  • postgresql

Products

  • debian linux 6.0,
  • freebsd,
  • freebsd 1.0,
  • freebsd 1.1,
  • freebsd 1.1.5,
  • freebsd 1.1.5.1,
  • freebsd 2.0,
  • freebsd 2.0.5,
  • freebsd 2.1,
  • freebsd 2.1.5,
  • freebsd 2.1.6,
  • freebsd 2.1.7,
  • freebsd 2.2,
  • freebsd 2.2.1,
  • freebsd 2.2.2,
  • freebsd 2.2.5,
  • freebsd 2.2.6,
  • freebsd 2.2.7,
  • freebsd 2.2.8,
  • freebsd 3.0,
  • freebsd 3.1,
  • freebsd 3.2,
  • freebsd 3.3,
  • freebsd 3.4,
  • freebsd 3.5,
  • freebsd 4.0,
  • freebsd 4.1,
  • freebsd 4.1.1,
  • freebsd 4.10,
  • freebsd 4.11,
  • freebsd 4.2,
  • freebsd 4.3,
  • freebsd 4.4,
  • freebsd 4.5,
  • freebsd 4.6,
  • freebsd 4.6.2,
  • freebsd 4.7,
  • freebsd 4.8,
  • freebsd 4.9,
  • freebsd 5.0,
  • freebsd 5.1,
  • freebsd 5.2,
  • freebsd 5.2.1,
  • freebsd 5.3,
  • freebsd 5.4,
  • freebsd 5.5,
  • freebsd 6.0,
  • freebsd 6.1,
  • freebsd 6.2,
  • freebsd 6.3,
  • freebsd 6.4,
  • freebsd 7.0,
  • freebsd 7.1,
  • freebsd 7.2,
  • freebsd 7.3,
  • freebsd 7.4,
  • freebsd 8.0,
  • freebsd 8.1,
  • freebsd 8.2,
  • freebsd 8.3,
  • php,
  • postgresql 8.3,
  • postgresql 8.4,
  • postgresql 9.0,
  • postgresql 9.1

References

Canonical
CVE-2012-2143 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143)
Advisory
http://www.postgresql.org/docs/9.1/static/release-9-1-4.html
http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
SECUNIA-50718 (http://secunia.com/advisories/50718)
FEDORA-2012-8924 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html)
FEDORA-2012-8893 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html)
https://bugzilla.redhat.com/show_bug.cgi?id=816956
http://www.postgresql.org/support/security
DSA-2491 (http://www.debian.org/security/2012/dsa-2491)
SECTRACK-1026995 (http://www.securitytracker.com/id?1026995)
http://git.php.net?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34
http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
http://www.postgresql.org/docs/8.4/static/release-8-4-12.html
http://git.postgresql.org/gitweb?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
APPLE-SA-2012-09-19-2 (http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html)
http://support.apple.com/kb/HT5501
http://rhn.redhat.com/errata/RHSA-2012-1037.html
FEDORA-2012-8915 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:092
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://www.postgresql.org/docs/9.0/static/release-9-0-8.html
http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
SECUNIA-49304 (http://secunia.com/advisories/49304)
http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
Miscellaneous
http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis