Описание
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 5.4.4-1ubuntu1 |
| hardy | not-affected | code not present |
| lucid | released | 5.3.2-1ubuntu4.17 |
| maverick | ignored | end of life |
| natty | released | 5.3.5-1ubuntu7.10 |
| oneiric | released | 5.3.6-13ubuntu3.8 |
| precise | released | 5.3.10-1ubuntu3.2 |
| quantal | not-affected | 5.4.4-1ubuntu1 |
| raring | not-affected | 5.4.4-1ubuntu1 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | ignored | end of life |
| lucid | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | released | 8.3.19-0ubuntu8.04 |
| lucid | DNE | |
| natty | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 8.3.19 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| hardy | DNE | |
| lucid | released | 8.4.12-0ubuntu10.04 |
| natty | released | 8.4.12-0ubuntu11.04 |
| oneiric | ignored | end of life |
| precise | released | 8.4.17-0ubuntu12.04 |
| quantal | DNE | |
| raring | DNE | |
| upstream | released | 8.4.12 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 9.1.4-1 |
| hardy | DNE | |
| lucid | DNE | |
| natty | DNE | |
| oneiric | released | 9.1.4-0ubuntu11.10 |
| precise | released | 9.1.4-0ubuntu12.04 |
| quantal | not-affected | 9.1.4-1 |
| raring | not-affected | 9.1.4-1 |
| upstream | released | 9.1.4 |
Показывать по
4.3 Medium
CVSS2
Связанные уязвимости
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-REL ...
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.
4.3 Medium
CVSS2