4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
58.6%
The crypt_des (aka DES-based crypt) function in FreeBSD before
9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not
process the complete cleartext password if this password contains a 0x80
character, which makes it easier for context-dependent attackers to obtain
access via an authentication attempt with an initial substring of the
intended password, as demonstrated by a Unicode password.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | php5 | < 5.3.2-1ubuntu4.17 | UNKNOWN |
ubuntu | 11.04 | noarch | php5 | < 5.3.5-1ubuntu7.10 | UNKNOWN |
ubuntu | 11.10 | noarch | php5 | < 5.3.6-13ubuntu3.8 | UNKNOWN |
ubuntu | 12.04 | noarch | php5 | < 5.3.10-1ubuntu3.2 | UNKNOWN |
ubuntu | 8.04 | noarch | postgresql-8.3 | < 8.3.19-0ubuntu8.04 | UNKNOWN |
ubuntu | 10.04 | noarch | postgresql-8.4 | < 8.4.12-0ubuntu10.04 | UNKNOWN |
ubuntu | 11.04 | noarch | postgresql-8.4 | < 8.4.12-0ubuntu11.04 | UNKNOWN |
ubuntu | 12.04 | noarch | postgresql-8.4 | < 8.4.17-0ubuntu12.04 | UNKNOWN |
ubuntu | 11.10 | noarch | postgresql-9.1 | < 9.1.4-0ubuntu11.10 | UNKNOWN |
ubuntu | 12.04 | noarch | postgresql-9.1 | < 9.1.4-0ubuntu12.04 | UNKNOWN |