Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-2483
Last Modified: 08 Feb 2012 11:06:38
Published: 25 Aug 2011 10:22:44
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2483

Summary

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

Vulnerable Systems

Application

  • PHP 1.0
  • PHP 2.0
  • PHP 2.0b10
  • PHP 3.0
  • PHP 3.0.1
  • PHP 3.0.10
  • PHP 3.0.11
  • PHP 3.0.12
  • PHP 3.0.13
  • PHP 3.0.14
  • PHP 3.0.15
  • PHP 3.0.16
  • PHP 3.0.17
  • PHP 3.0.18
  • PHP 3.0.2
  • PHP 3.0.3
  • PHP 3.0.4
  • PHP 3.0.5
  • PHP 3.0.6
  • PHP 3.0.7
  • PHP 3.0.8
  • PHP 3.0.9
  • PHP 4.0
  • PHP 4.0.0
  • PHP 4.0.1
  • PHP 4.0.2
  • PHP 4.0.3
  • PHP 4.0.4
  • PHP 4.0.5
  • PHP 4.0.6
  • PHP 4.0.7
  • PHP 4.1.0
  • PHP 4.1.1
  • PHP 4.1.2
  • PHP 4.2.0
  • PHP 4.2.1
  • PHP 4.2.2
  • PHP 4.2.3
  • PHP 4.3.0
  • PHP 4.3.1
  • PHP 4.3.10
  • PHP 4.3.11
  • PHP 4.3.2
  • PHP 4.3.3
  • PHP 4.3.4
  • PHP 4.3.5
  • PHP 4.3.6
  • PHP 4.3.7
  • PHP 4.3.8
  • PHP 4.3.9
  • PHP 4.4.0
  • PHP 4.4.1
  • PHP 4.4.2
  • PHP 4.4.3
  • PHP 4.4.4
  • PHP 4.4.5
  • PHP 4.4.6
  • PHP 4.4.7
  • PHP 4.4.8
  • PHP 4.4.9
  • PHP 5.0.0
  • PHP 5.0.1
  • PHP 5.0.2
  • PHP 5.0.3
  • PHP 5.0.4
  • PHP 5.0.5
  • PHP 5.1.0
  • PHP 5.1.1
  • PHP 5.1.2
  • PHP 5.1.3
  • PHP 5.1.4
  • PHP 5.1.5
  • PHP 5.1.6
  • PHP 5.2.0
  • PHP 5.2.1
  • PHP 5.2.10
  • PHP 5.2.11
  • PHP 5.2.12
  • PHP 5.2.13
  • PHP 5.2.14
  • PHP 5.2.2
  • PHP 5.2.3
  • PHP 5.2.4
  • PHP 5.2.5
  • PHP 5.2.6
  • PHP 5.2.8
  • PHP 5.2.9
  • PHP 5.3.0
  • PHP 5.3.1
  • PHP 5.3.2
  • PHP 5.3.3
  • PHP 5.3.4
  • PHP 5.3.5
  • PHP 5.3.6
  • Solar Designer Crypt Blowfish 0.2
  • Solar Designer Crypt Blowfish 0.3
  • Solar Designer Crypt Blowfish 0.4
  • Solar Designer Crypt Blowfish 0.4.1
  • Solar Designer Crypt Blowfish 0.4.2
  • Solar Designer Crypt Blowfish 0.4.3
  • Solar Designer Crypt Blowfish 0.4.4
  • Solar Designer Crypt Blowfish 0.4.5
  • Solar Designer Crypt Blowfish 0.4.6
  • Solar Designer Crypt Blowfish 0.4.7


References

CONFIRM - http://www.openwall.com/crypt/

XF - php-cryptblowfish-info-disclosure(69319)

BID - 49241

REDHAT - RHSA-2011:1378

REDHAT - RHSA-2011:1377

CONFIRM - http://www.postgresql.org/docs/8.4/static/release-8-4-9.html

CONFIRM - http://www.php.net/ChangeLog-5.php#5.3.7

CONFIRM - http://www.php.net/archive/2011.php#id2011-08-18-1

CONFIRM - http://php.net/security/crypt_blowfish

SUSE - SUSE-SA:2011:035

MISC - http://freshmeat.net/projects/crypt_blowfish

UBUNTU - USN-1229-1

REDHAT - RHSA-2011:1423

MANDRIVA - MDVSA-2011:180

MANDRIVA - MDVSA-2011:179

MANDRIVA - MDVSA-2011:178

MANDRIVA - MDVSA-2011:165

DEBIAN - DSA-2340

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

DEBIAN - DSA-2399

Related Patches

Apple 2012-02-01 Mac OS X Server 10.7.3 Update

Apple 2012-02-01 Mac OS X 10.7.3 Update

Apple 2012-02-01 Mac OS X Server 10.7.3 Combo Update

Apple 2012-02-01 Mac OS X 10.7.3 Combo Update

Apple 2012-02-01 Security Update 2012-001 v1.1 Server (Snow Leopard)

Apple 2012-02-01 Security Update 2012-001 v1.1 (Snow Leopard)

Red Hat 2011:1423-01 RHSA Moderate: php53 and php security update for RHEL 5 x86

Novell SUSE 2011:4944 glibc security update for SLE 11 SP1 i586

Novell SUSE 2011:5041 libxcrypt security update for SLE 11 SP1 i586

Novell SUSE 2011:5064 man-pages security update for SLE 11 SP1 i586

Novell SUSE 2011:5078 yast2-core security update for SLE 11 SP1 i586

Novell SUSE 2011:7726 yast2-core security update for SLE 10 SP4 i586

Novell SUSE 2012:8311 postgresql security update for SLE 10 SP4 i586

Novell SUSE 2012:8311 postgresql security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:02