Lucene search
RootSSV:3697HistoryJul 23, 2008 - 12:00 a.m.
openSUSE libxcrypt不安全口令哈希漏洞
2008-07-2300:00:00
Root
www.seebug.org
16
0.004 Low
EPSS
Percentile
73.6%
BUGTRAQ ID: 30301
CVE(CAN) ID: CVE-2008-3188
openSUSE是一个易于安装SUSE Linux操作系统版本。
openSUSE使用libxcrypt库计算口令的哈希值,可以配置为使用DES、MD5或blowfish。由于libxcrypt库中的一个漏洞,即使/etc/default/passwd文件中已经配置了MD5,系统仍会忽略这个设置使用DES算法。相对较弱的算法可能有助于攻击者的暴力破解。
S.u.S.E. openSUSE 11.0
S.u.S.E.
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00008.html” target=“_blank”>http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00008.html</a>
Related
nessus
nessus
openSUSE Security Update : libxcrypt (libxcrypt-109)
2009-07-21 00:00:00
openvas
openvas
SuSE Update for libxcrypt SUSE-SA:2008:036
2009-01-23 00:00:00
prion
prion
Design/Logic Flaw
2008-07-22 16:41:00
debiancve
debiancve
CVE-2008-3188
2008-07-22 16:41:00
ubuntucve
ubuntucve
CVE-2008-3188
2008-07-22 00:00:00
cvelist
cvelist
CVE-2008-3188
2008-07-22 16:00:00
cve
cve
CVE-2008-3188
2008-07-22 16:41:00
suse
suse
use of weak password hash algorithm in libxcrypt
2008-07-21 13:24:08
nvd
nvd
CVE-2008-3188
2008-07-22 16:41:00