Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 1.2
CVE Id CVE-2006-0591
Last Modified 13 Jul 2011 12:00:00
Published 07 Feb 2006 08:02:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2006-0591

Summary

The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.

Vulnerable Systems

Application

  • Solar Designer Crypt Blowfish 0.4.7


References

XF - cryptblowfish-salt-information-disclosure(24590)

SECUNIA - 18772

VUPEN - ADV-2006-0477

BUGTRAQ - 20060207 crypt_blowfish 1.0

REDHAT - RHSA-2006:0526

OSVDB - 23005

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm

SECUNIA - 20782

SECUNIA - 20653

SECUNIA - 20232

MISC - http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/glibc/crypt_blowfish/crypt_gensalt.c?only_with_tag=CRYPT_BLOWFISH_1_0

SGI - 20060602-01-U


Last Updated: 27 May 2016 10:41:43