FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-2483

This CVE name corresponds to:

Entered      Topic
2011-08-20   php -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type    Candidate
Name    CVE-2011-2483
Phase   Assigned (20110615)

Description

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.

References

Source Reference
MISC http://freshmeat.net/projects/crypt_blowfish
CONFIRM http://php.net/security/crypt_blowfish
CONFIRM http://www.openwall.com/crypt/
CONFIRM http://www.php.net/ChangeLog-5.php#5.3.7
CONFIRM http://www.php.net/archive/2011.php#id2011-08-18-1
CONFIRM http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
CONFIRM http://support.apple.com/kb/HT5130
APPLE APPLE-SA-2012-02-01-1
DEBIAN DSA-2340
DEBIAN DSA-2399
MANDRIVA MDVSA-2011:180
MANDRIVA MDVSA-2011:165
MANDRIVA MDVSA-2011:178
MANDRIVA MDVSA-2011:179
REDHAT RHSA-2011:1377
REDHAT RHSA-2011:1378
REDHAT RHSA-2011:1423
SUSE SUSE-SA:2011:035
UBUNTU USN-1229-1
BID 49241
XF php-cryptblowfish-info-disclosure(69319)