#VU43910 Cryptographic issues in PHP Group products - CVE-2012-2143


| Updated: 2020-11-23

Vulnerability identifier: #VU43910

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-2143

CWE-ID: CWE-310

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PostgreSQL
Server applications / Database software
FreeBSD
Operating systems & Components / Operating system
PHP
Universal components / Libraries / Scripting languages

Vendor: PostgreSQL Global Development Group
FreeBSD Foundation
PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. As per: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 and http://git.php.net/?p=php-src.git;a=commitdiff_plain;h=aab49e934de1fff046e659cbec46e3d053b41c34 PHP 5.3.13 and earlier are vulnerable.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PostgreSQL: 8.3, 8.4, 9.0, 9.1

FreeBSD: 1.0 - 9.1

PHP: 1.0, 1.1, 1.1.5, 1.1.5.1, 2.0b10, 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.7, 2.2, 2.2.1, 2.2.2, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 3.0 - 3.0.18, 3.1, 3.2, 3.3, 3.4, 3.5, 4.0 - 4.0.7, 4.1 - 4.11, 4.2 - 4.2.3, 4.3 - 4.3.11, 4.4 - 4.4.9, 4.5, 4.6, 4.6.2, 4.7, 4.8, 4.9, 5.0 - 5.0.5, 5.1 - 5.1.6, 5.2 - 5.2.17, 5.3 - 5.3.12, 5.4, 5.5, 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, 7.1, 7.2, 7.3, 7.4, 9.0, 9.1

External links
https://git.php.net/?p=php-src.git;a=commit;h=aab49e934de1fff046e659cbec46e3d053b41c34
https://git.postgresql.org/gitweb/?p=postgresql.git&a=commit&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html
https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html
https://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html
https://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html
https://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html
https://rhn.redhat.com/errata/RHSA-2012-1037.html
https://secunia.com/advisories/49304
https://secunia.com/advisories/50718
https://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc
https://support.apple.com/kb/HT5501
https://www.debian.org/security/2012/dsa-2491
https://www.mandriva.com/security/advisories?name=MDVSA-2012:092
https://www.postgresql.org/docs/8.3/static/release-8-3-19.html
https://www.postgresql.org/docs/8.4/static/release-8-4-12.html
https://www.postgresql.org/docs/9.0/static/release-9-0-8.html
https://www.postgresql.org/docs/9.1/static/release-9-1-4.html
https://www.postgresql.org/support/security/
https://www.securitytracker.com/id?1026995
https://bugzilla.redhat.com/show_bug.cgi?id=816956

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Gentoo update for PHP
Amazon Linux AMI update for php
Amazon Linux AMI update for postgresql8
SUSE Linux update for PHP5
Cryptographic issues in postgresql (Alpine package)
Amazon Linux AMI update for postgresql9