Описание
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 3 | rh-postgresql | Will not fix | ||
| Red Hat Enterprise Linux 4 | postgresql | Fixed | RHSA-2011:1377 | 17.10.2011 |
| Red Hat Enterprise Linux 5 | postgresql | Fixed | RHSA-2011:1377 | 17.10.2011 |
| Red Hat Enterprise Linux 5 | postgresql84 | Fixed | RHSA-2011:1378 | 17.10.2011 |
| Red Hat Enterprise Linux 5 | php53 | Fixed | RHSA-2011:1423 | 02.11.2011 |
| Red Hat Enterprise Linux 6 | postgresql | Fixed | RHSA-2011:1377 | 17.10.2011 |
| Red Hat Enterprise Linux 6 | php | Fixed | RHSA-2011:1423 | 02.11.2011 |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain plat ...
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
4.3 Medium
CVSS2