CVE-2011-2483 - Cryptographic Issues vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family: SuSE Local Security Checks
NASL id: SUSE9_12813.NASL
description: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55918
published: 2011-08-20
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55918
title: SuSE9 Security Update : glibc suite (YOU Patch Number 12813)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2011-165.NASL
description: Multiple vulnerabilities have been identified and fixed in php :
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments (CVE-2011-1148).
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers to cause a denial of service (application crash) via certain flags arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND (CVE-2011-1657).
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket (CVE-2011-1938).
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a file path injection vulnerability. (CVE-2011-2202).
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors (CVE-2011-3267).
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483 (CVE-2011-3268).
The updated php packages have been upgraded to 5.3.8 which is not vulnerable to these issues. Additionally some of the PECL extensions have been upgraded and/or rebuilt for the new php version.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56707
published: 2011-11-04
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56707
title: Mandriva Linux Security Advisory : php (MDVSA-2011:165)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201110-22.NASL
description: The remote host is affected by the vulnerability described in GLSA-201110-22 (PostgreSQL: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a specially crafted SQL query to a PostgreSQL server with the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56626
published: 2011-10-25
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56626
title: GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2011-12.NASL
description: A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69571
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/69571
title: Amazon Linux AMI : postgresql (ALAS-2011-12)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2011-180.NASL
description: A vulnerability was discovered and fixed in php-suhosin : crypt_blowfish before 1.1, as used in suhosin does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56968
published: 2011-11-29
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56968
title: Mandriva Linux Security Advisory : php-suhosin (MDVSA-2011:180)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2011-1377.NASL
description: Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS).
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
(CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56533
published: 2011-10-18
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56533
title: RHEL 4 / 5 / 6 : postgresql (RHSA-2011:1377)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2011-7.NASL
description: PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function.
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.
php: changes to is_a() in 5.3.7 may allow arbitrary code execution with certain code
A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing.
Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
A stack-based buffer overflow flaw was found in the way the PHP socket extension handled long AF_UNIX socket addresses. An attacker able to make a PHP script connect to a long AF_UNIX socket address could use this flaw to crash the PHP interpreter.
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78268
published: 2014-10-12
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78268
title: Amazon Linux AMI : php (ALAS-2011-7)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2013-849.NASL
description:
- update to 5.0.26 [bnc#848594]
  - Added the .cf TLD server.
  - Updated the .bi TLD server.
  - Added a new ASN allocation.
- includes changes from 5.0.25
  - Added the .ax, .bn, .iq, .pw and .rw TLD servers.
  - Updated one or more translations.
- includes updates changes 5.0.24 :
  - Merged documentation fixes and the whois.conf(5) man page
  - Added a new ASN allocation.
  - Updated one or more translations.
- includes changes from 5.0.23
  - whois.nic.or.kr switched from EUC-KR to UTF-8.
- includes changes from 5.0.22
  - Fixed cross-compiling
- includes changes from 5.0.21
  - Fixed parsing of 6to4 addresses
  - Added the .xn--j1amh (.укр, Ukraine) TLD server.
  - Updated the .bi, .se and .vn TLD servers.
  - Removed whois.pandi.or.id from the list of servers which support the RIPE extensions, since it does not anymore and queries are broken.
  - Updated some disclaimer suppression strings.
  - Respect DEB_HOST_GNU_TYPE when selecting CC for cross-compiling.
- includes changes from 5.0.20
  - Updated the .by, .ng, .om, .sm, .tn, .ug and .vn TLD servers.
  - Added the .bw, .td, .xn--mgb9awbf (.عمان, Oman), .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) and .xn--mgbx4cd0ab (.مليسيا, Malaysia) TLD servers.
  - Removed the .kp, .mc, .rw and .xn--mgba3a4f16a (.ایران, Iran) TLD servers.
- includes changes from 5.0.19
  - Added the .post TLD server.
  - Updated the .co.za SLD servers.
  - Added the .alt.za, .net.za and .web.za SLD servers.
  - whois.ua changed (?) the encoding to utf-8.
  - Fixed the parsing of 6to4 addresses like whois 2002:xxxx::.
- includes changes from 5.0.18
  - Updated the .ae and .xn--mgbaam7a8h (.امارات, United Arab Emirates) TLDs.
  - Updated the server charset table for .fr and .it.
- includes changes from whois 5.0.17
  - Updated the .bi, .fo, .gr and .gt TLD servers.
  - Removed support for recursion of .org queries, it has been a thick registry since 2005.
- includes changes from 5.0.16
  - Added the .xn--80ao21a (.ҚАЗ, Kazakhstan) TLD server.
  - Updated the .ec and .ee TLD servers.
  - Removed the .xn--mgbc0a9azcg (.المغرب, Morocco) and .xn--mgberp4a5d4ar (.السعودية, Saudi Arabia) TLD servers.
  - Added a new ASN allocation.
  - Updated one or more translations.
- includes changes from 5.0.15
  - Added the .xn--mgba3a4f16a (.ایران, Iran) TLD server.
  - Updated the .pe TLD server, this time for real.
  - Updated one or more translations.
- includes changes from 5.0.14
  - Added the .sx TLD server.
  - Updated the .pe TLD server.
- includes changes from 5.0.13
  - Updated the .hr TLD server.
  - Improved the package description
  - Updated the FSF address in licenses.
- includes changes from 5.0.12
  - Recursion disabled when the query string contains spaces, because probably the query format will not be compatible with the referral server (e.g. whois to rwhois or ARIN to RIPE).
  - Add the
last seen: 2020-06-05
modified: 2014-06-13
plugin id: 75198
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75198
title: openSUSE Security Update : whois (openSUSE-SU-2013:1670-1)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2011-1378.NASL
description: Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS).
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56536
published: 2011-10-19
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56536
title: CentOS 5 : postgresql84 (CESA-2011:1378)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2011-1377.NASL
description: Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS).
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length.
This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56535
published: 2011-10-19
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56535
title: CentOS 4 / 5 : postgresql (CESA-2011:1377)

NASL family: Slackware Local Security Checks
NASL id: SLACKWARE_SSA_2011-237-01.NASL
description: New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55980
published: 2011-08-26
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55980
title: Slackware 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : php (SSA:2011-237-01)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_057BF770CAC411E0AEA300215C6A37BB.NASL
description: PHP development team reports : Security Enhancements and Fixes in PHP 5.3.7 :
- Updated crypt_blowfish to 1.2. (CVE-2011-2483)
- Fixed crash in error_log(). Reported by Mateusz Kocielski
- Fixed buffer overflow on overlong salt in crypt().
- Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)
- Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55912
published: 2011-08-20
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/55912
title: FreeBSD : php -- multiple vulnerabilities (057bf770-cac4-11e0-aea3-00215c6a37bb)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2011-1377.NASL
description: From Red Hat Security Advisory 2011:1377 : Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS).
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 68370
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68370
title: Oracle Linux 4 / 5 / 6 : postgresql (ELSA-2011-1377)

NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2012-1336-1.NASL
description: PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed :
- CVE-2012-3488: This update fixes arbitrary read and write of files via XSL functionality.
- CVE-2012-2655: postgresql: denial of service (stack exhaustion) via specially crafted SQL.
- CVE-2011-2483: crypt_blowfish was mishandling 8 bit characters.
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-05
modified: 2015-05-20
plugin id: 83561
published: 2015-05-20
reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/83561
title: SUSE SLED10 / SLES10 Security Update : PostgreSQL (SUSE-SU-2012:1336-1)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201110-06.NASL
description: The remote host is affected by the vulnerability described in GLSA-201110-06 (PHP: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details.
Impact : A context-dependent attacker could execute arbitrary code, obtain sensitive information from process memory, bypass intended access restrictions, or cause a Denial of Service in various ways. A remote attacker could cause a Denial of Service in various ways, bypass spam detections, or bypass open_basedir restrictions.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56459
published: 2011-10-12
reporter: This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/56459
title: GLSA-201110-06 : PHP: Multiple vulnerabilities

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1231-1.NASL
description: Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56554
published: 2011-10-19
reporter: Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56554
title: Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : php5 vulnerabilities (USN-1231-1)

NASL family: Web Servers
NASL id: HPSMH_7_0_0_24.NASL
description: According to the web server
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 58811
published: 2012-04-20
reporter: This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/58811
title: HP System Management Homepage < 7.0 Multiple Vulnerabilities

NASL family: CGI abuses
NASL id: PHP_5_4_0.NASL
description: According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.0, and, therefore, potentially affected by multiple vulnerabilities :
- crypt_blowfish as used in PHP does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash. (CVE-2011-2483)
- Multiple NULL Pointer Dereference with the zend_strndup() function could allow a remote attacker to cause a denial of service. (CVE-2011-4153)
- A flaw in SSL sockets with SSL 3.0 / TLS 1.0 was addressed. (CVE-2011-3389)
Note that Nessus has not tested for this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 122590
published: 2019-03-04
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/122590
title: PHP 5.4.x < 5.4.0 Multiple Vulnerabilities

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2011-11528.NASL
description: Security Enhancements and Fixes :
- Updated crypt_blowfish to 1.2. (CVE-2011-2483)
- Fixed crash in error_log(). Reported by Mateusz Kocielski
- Fixed buffer overflow on overlong salt in crypt().
- Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202)
- Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938)
- Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148)
Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1
Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1
Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 56218
published: 2011-09-19
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56218
title: Fedora 15 : maniadrive-1.2-32.fc15 / php-5.3.8-1.fc15 / php-eaccelerator-0.9.6.1-9.fc15 (2011-11528)

NASL family: SuSE Local Security Checks
NASL id: SUSE_YAST2-CORE-7726.NASL
description: This update of yast2-core fixes security issues, bugs, and adds a debugging feature.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57270
published: 2011-12-13
reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/57270
title: SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7726)

NASL family: SuSE Local Security Checks
NASL id: SUSE_GLIBC-7663.NASL
description: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483)
SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation.
Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update.
Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
FAQ :
Q: I only use ASCII characters in passwords, am I affected in any way?
A: No.
Q: What's the meaning of the ids before and after the update?
A: Before the update:
  $2a -> buggy algorithm
After the update:
  $2x -> buggy algorithm
  $2a -> correct algorithm
  $2y -> correct algorithm
System logins using PAM have a compat mode enabled by default:
  $2x -> buggy algorithm
  $2a -> buggy algorithm
  $2y -> correct algorithm
Q: How do I require users to change their password on next login?
A: Run the following command as root for each user: chage -d 0
Q: I run an application that has $2a hashes in its password database. Some users complain that they can not log in anymore.
A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
Q: How do I turn off the compat mode for system logins?
A: Set BLOWFISH_2a2x=no in /etc/default/passwd
last seen: 2017-10-29
modified: 2013-12-05
plugin id: 57202
published: 2011-12-13
reporter: Tenable
source: https://www.tenable.com/plugins/index.php?view=single&id=57202
title: SuSE 10 Security Update : glibc (ZYPP Patch Number 7663) (deprecated)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_4_LIBXCRYPT-110824.NASL
description: The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 75934
published: 2014-06-13
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/75934
title: openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_GLIBC-7659.NASL
description: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods.
(CVE-2011-2483) SUSE
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 55920
published: 2011-08-20
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/55920
title: SuSE 10 Security Update : glibc (ZYPP Patch Number 7659)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2340.NASL
description: magnum discovered that the blowfish password hashing used amongst others in PostgreSQL contained a weakness that would give passwords with 8 bit characters the same hash as weaker equivalents.
last seen: 2020-03-17
modified: 2011-11-08
plugin id: 56730
published: 2011-11-08
reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/56730
title: Debian DSA-2340-1 : postgresql-8.3, postgresql-8.4, postgresql-9.0 - weak password hashing

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_GLIBC-BLOWFISH-110729.NASL
description: The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 57839
published: 2012-02-06
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/57839
title: SuSE 11.1 Security Update : glibc (SAT Patch Number 4944)

NASL family: SuSE Local Security Checks
NASL id: SUSE_POSTGRESQL-8311.NASL
description: PostgreSQL was updated to the latest stable release 8.1.23, fixing various bugs and security issues. The following security issues have been fixed :
- This update fixes arbitrary read and write of files via XSL functionality. (CVE-2012-3488)
- postgresql: denial of service (stack exhaustion) via specially crafted SQL. (CVE-2012-2655)
- crypt_blowfish was mishandling 8 bit characters.
(CVE-2011-2483)
last seen 2020-06-05
modified 2012-10-15
plugin id 62545
published 2012-10-15
reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/62545
title SuSE 10 Security Update : PostgreSQL (ZYPP Patch Number 8311)

NASL family SuSE Local Security Checks
NASL id SUSE_11_4_YAST2-CORE-110822.NASL
description This update contains yast2 core changes to change the hash generation of new passwords to the new secure style. Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE
last seen 2020-06-01
modified 2020-06-02
plugin id 76052
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/76052
title openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)

NASL family SuSE Local Security Checks
NASL id SUSE_11_LIBXCRYPT-110824.NASL
description The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
last seen 2020-06-01
modified 2020-06-02
plugin id 56018
published 2011-08-31
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56018
title SuSE 11.1 Security Update : libxcrypt (SAT Patch Number 5041)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_MAN-PAGES-110823.NASL
description The crypt(3) manpage was updated to also list the 2y prefix.
last seen 2020-06-01
modified 2020-06-02
plugin id 75642
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75642
title openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2011-161.NASL
description A vulnerability was discovered and corrected in postgresql : contrib/pg_crypto
last seen 2020-06-01
modified 2020-06-02
plugin id 56627
published 2011-10-25
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56627
title Mandriva Linux Security Advisory : postgresql (MDVSA-2011:161)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2011-1423.NASL
description Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream
last seen 2020-06-01
modified 2020-06-02
plugin id 56699
published 2011-11-03
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56699
title RHEL 5 / 6 : php53 and php (RHSA-2011:1423)

NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2012-001.NASL
description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
last seen 2020-06-01
modified 2020-06-02
plugin id 57798
published 2012-02-02
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57798
title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2011-1378.NASL
description From Red Hat Security Advisory 2011:1378 : Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
(CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen 2020-06-01
modified 2020-06-02
plugin id 68371
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68371
title Oracle Linux 5 : postgresql84 (ELSA-2011-1378)

NASL family Amazon Linux Local Security Checks
NASL id ALA_ALAS-2011-07.NASL
description The MITRE CVE database describes these CVEs as : Revert is_a() behavior to php <= 5.3.6 and add a new option (allow_string) for the new behavior (accept string and raise autoload if needed) Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple arguments. Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket. The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-data POST requests, which allows remote attackers to conduct absolute path traversal attacks, and possibly create or overwrite arbitrary files, via a crafted upload request, related to a
last seen 2020-06-01
modified 2020-06-02
plugin id 69566
published 2013-09-04
reporter This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/69566
title Amazon Linux AMI : php (ALAS-2011-07)

NASL family SuSE Local Security Checks
NASL id SUSE_11_GLIBC-110729.NASL
description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE's crypt() implementation supports the blowfish password hashing function (id $2a) and system logins by default also use this method. This update eliminates the bug in the $2a implementation. After installing the update existing $2a hashes therefore no longer match hashes generated with the new, correct implementation if the password contains 8bit characters. For system logins via PAM the pam_unix2 module activates a compat mode and keeps processing existing $2a hashes with the old algorithm. This ensures no user gets locked out. New password hashes are created with the id '$2y' to unambiguously identify them as generated with the correct implementation. Note: To actually migrate hashes to the new algorithm all users are advised to change passwords after the update. Services that do not use PAM but do use crypt() to store passwords using the blowfish hash do not have such a compat mode. That means users with 8bit passwords that use such services will not be able to log in anymore after the update. As a workaround administrators may edit the service's password database and change stored hashes from $2a to $2x. This will result in crypt() using the old algorithm. Users should be required to change their passwords to make sure they are migrated to the correct algorithm.
FAQ :
Q: I only use ASCII characters in passwords, am I affected in any way?
A: No.
Q: What's the meaning of the ids before and after the update?
A: Before the update:
  $2a -> buggy algorithm
After the update:
  $2x -> buggy algorithm
  $2a -> correct algorithm
  $2y -> correct algorithm
System logins using PAM have a compat mode enabled by default:
  $2x -> buggy algorithm
  $2a -> buggy algorithm
  $2y -> correct algorithm
Q: How do I require users to change their password on next login?
A: Run the following command as root for each user: chage -d 0
Q: I run an application that has $2a hashes in its password database. Some users complain that they cannot log in anymore.
A: Edit the password database and change the '$2a' prefix of the affected users' hashes to '$2x'. They will be able to log in again but should change their password ASAP.
Q: How do I turn off the compat mode for system logins?
A: Set BLOWFISH_2a2x=no in /etc/default/passwd
last seen 2017-10-29
modified 2013-12-05
plugin id 55919
published 2012-02-06
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=55919
title SuSE 11.1 Security Update : glibc (SAT Patch Number 4944) (deprecated)

NASL family MacOS X Local Security Checks
NASL id MACOSX_10_7_3.NASL
description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
last seen 2020-06-01
modified 2020-06-02
plugin id 57797
published 2012-02-02
reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/57797
title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)

NASL family Ubuntu Local Security Checks
NASL id UBUNTU_USN-1229-1.NASL
description It was discovered that the blowfish algorithm in the pgcrypto module incorrectly handled certain 8-bit characters, resulting in the password hashes being easier to crack than expected. An attacker who could obtain the password hashes would be able to recover the plaintext with less effort. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 56506
published 2011-10-14
reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56506
title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : postgresql-8.3, postgresql-8.4 vulnerability (USN-1229-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_YAST2-CORE-110830.NASL
description This update of yast2-core fixes security issues and a bug : - When setting a password for a user, use blowfish algorithm id 2y instead of 2a. (bnc#700876 / CVE-2011-2483) - Log YCP client arguments only with y2debug, not to reveal AutoYaST passwords. (bnc#492746) - ini-agent: Fixed a test failure
last seen 2020-06-01
modified 2020-06-02
plugin id 56034
published 2011-09-01
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56034
title SuSE 11.1 Security Update : yast2-core (SAT Patch Number 5078)

NASL family Fedora Local Security Checks
NASL id FEDORA_2011-11537.NASL
description Security Enhancements and Fixes : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log().
Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz. (CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1 Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 56219
published 2011-09-19
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56219
title Fedora 14 : maniadrive-1.2-32.fc14 / php-5.3.8-1.fc14 / php-eaccelerator-0.9.6.1-9.fc14 (2011-11537)

NASL family Scientific Linux Local Security Checks
NASL id SL_20111102_PHP53_AND_PHP_ON_SL5_X.NASL
description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function.
Refer to the upstream
last seen 2020-06-01
modified 2020-06-02
plugin id 61168
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/61168
title Scientific Linux Security Update : php53 and php on SL5.x, SL6.x i386/x86_64

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_APACHE2-MOD_PHP5-110907.NASL
description The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id
last seen 2020-06-01
modified 2020-06-02
plugin id 75433
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75433
title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1137-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_MAN-PAGES-110825.NASL
description Manual pages for several kernel and library functions were added. The crypt(3) manual page was updated to also list the 2y prefix.
last seen 2020-06-01
modified 2020-06-02
plugin id 56019
published 2011-08-31
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56019
title SuSE 11.1 Security Update : man-pages (SAT Patch Number 5064)

NASL family SuSE Local Security Checks
NASL id SUSE_11_4_GLIBC-110729.NASL
description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE
last seen 2020-06-01
modified 2020-06-02
plugin id 75852
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75852
title openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2011-179.NASL
description Multiple vulnerabilities were discovered and fixed in glibc : The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089). Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659). crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483). The updated packages have been patched to correct these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 61938
published 2012-09-06
reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/61938
title Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)

NASL family Scientific Linux Local Security Checks
NASL id SL_20111017_POSTGRESQL_ON_SL4_X.NASL
description PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing.
Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database. Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen 2020-06-01
modified 2020-06-02
plugin id 61155
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/61155
title Scientific Linux Security Update : postgresql on SL4.x, SL5.x, SL6.x i386/x86_64

NASL family SuSE Local Security Checks
NASL id OPENSUSE-2012-214.NASL
description - Security and bugfix release 9.1.3 : - Require execute permission on the trigger function for
last seen 2020-06-05
modified 2014-06-13
plugin id 74591
published 2014-06-13
reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/74591
title openSUSE Security Update : postgresql (openSUSE-SU-2012:0480-1)

NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-2399.NASL
description Several vulnerabilities have been discovered in PHP, the web scripting language. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2011-1938 The UNIX socket handling allowed attackers to trigger a buffer overflow via a long path name.
- CVE-2011-2483 The crypt_blowfish function did not properly handle 8-bit characters, which made it easier for attackers to determine a cleartext password by using knowledge of a password hash. - CVE-2011-4566 When used on 32 bit platforms, the exif extension could be used to trigger an integer overflow in the exif_process_IFD_TAG function when processing a JPEG file. - CVE-2011-4885 It was possible to trigger hash collisions predictably when parsing form parameters, which allows remote attackers to cause a denial of service by sending many crafted parameters. - CVE-2012-0057 When applying a crafted XSLT transform, an attacker could write files to arbitrary places in the filesystem. NOTE: the fix for CVE-2011-2483 required changing the behaviour of this function: it is now incompatible with some old (wrongly) generated hashes for passwords containing 8-bit characters. See the package NEWS entry for details. This change has not been applied to the Lenny version of PHP.
last seen 2020-03-17
modified 2012-02-01
plugin id 57753
published 2012-02-01
reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/57753
title Debian DSA-2399-2 : php5 - several vulnerabilities

NASL family CGI abuses
NASL id PHP_5_3_7.NASL
description According to its banner, the version of PHP 5.3.x running on the remote host is prior to 5.3.7. It is, therefore, affected by the following vulnerabilities : - A use-after-free vulnerability in substr_replace(). (CVE-2011-1148) - A stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - A code execution vulnerability in ZipArchive::addGlob(). (CVE-2011-1657) - crypt_blowfish was updated to 1.2. (CVE-2011-2483) - Multiple NULL pointer dereferences. (CVE-2011-3182) - An unspecified crash in error_log(). (CVE-2011-3267) - A buffer overflow in crypt().
(CVE-2011-3268) - A flaw exists in the php_win32_get_random_bytes() function when passing MCRYPT_DEV_URANDOM as source to mcrypt_create_iv(). A remote attacker can exploit this to cause a denial of service condition.
last seen 2020-06-01
modified 2020-06-02
plugin id 55925
published 2011-08-22
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/55925
title PHP 5.3 < 5.3.7 Multiple Vulnerabilities

NASL family F5 Networks Local Security Checks
NASL id F5_BIGIP_SOL13519.NASL
description PHP has been cited with the following multiple vulnerabilities, which may be locally exploitable on some F5 products : CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function. CVE-2007-3799 The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207. CVE-2010-3710 Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string.
CVE-2010-3870 The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string. CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference. CVE-2011-1470 The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. CVE-2011-3182 PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) or trigger a buffer overflow by leveraging the ability to provide an arbitrary value for a function argument, related to (1) ext/curl/interface.c, (2) ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c, (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6) ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c, (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10) TSRM/tsrm_win32.c, and (11) the strtotime function. CVE-2011-3267 PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors. CVE-2011-3268 Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483. 
CVE-2011-4566 Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708. CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
last seen 2020-06-01
modified 2020-06-02
plugin id 78134
published 2014-10-10
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/78134
title F5 Networks BIG-IP : Multiple PHP vulnerabilities (K13519)

NASL family Scientific Linux Local Security Checks
NASL id SL_20111017_POSTGRESQL84_ON_SL5_X.NASL
description PostgreSQL is an advanced object-relational database management system (DBMS). A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483) Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database.
Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen 2020-06-01
modified 2020-06-02
plugin id 61154
published 2012-08-01
reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/61154
title Scientific Linux Security Update : postgresql84 on SL5.x i386/x86_64

NASL family SuSE Local Security Checks
NASL id SUSE_YAST2-CORE-7725.NASL
description This update of yast2-core fixes security issues, bugs, and adds a debugging feature.
last seen 2020-06-01
modified 2020-06-02
plugin id 56619
published 2011-10-24
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56619
title SuSE 10 Security Update : yast2-core (ZYPP Patch Number 7725)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_GLIBC-110729.NASL
description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE
last seen 2020-06-01
modified 2020-06-02
plugin id 75519
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75519
title openSUSE Security Update : glibc (openSUSE-SU-2011:0921-1)

NASL family Fedora Local Security Checks
NASL id FEDORA_2011-11464.NASL
description Security Enhancements and Fixes : - Updated crypt_blowfish to 1.2. (CVE-2011-2483) - Fixed crash in error_log(). Reported by Mateusz Kocielski - Fixed buffer overflow on overlog salt in crypt(). - Fixed bug #54939 (File path injection vulnerability in RFC1867 File upload filename). Reported by Krzysztof Kotowicz.
(CVE-2011-2202) - Fixed stack-based buffer overflow in socket_connect(). (CVE-2011-1938) - Fixed bug #54238 (use-after-free in substr_replace()). (CVE-2011-1148) Upstream announce for 5.3.8: http://www.php.net/archive/2011.php#id2011-08-23-1 Upstream announce for 5.3.7: http://www.php.net/archive/2011.php#id2011-08-18-1 Full Changelog: http://www.php.net/ChangeLog-5.php#5.3.8 php package now provides both apache modules (for prefork and worker MPM). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 56150
published 2011-09-12
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56150
title Fedora 16 : maniadrive-1.2-32.fc16 / php-5.3.8-1.fc16 / php-eaccelerator-0.9.6.1-9.fc16 (2011-11464)

NASL family Mandriva Local Security Checks
NASL id MANDRIVA_MDVSA-2011-178.NASL
description Multiple vulnerabilities were discovered and fixed in glibc : Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library (aka glibc or libc6), including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object (DSO) in a subdirectory of the current working directory during execution of a (1) setuid or (2) setgid program that has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC (EGLIBC) allow context-dependent attackers to execute arbitrary code or cause a denial of service (memory consumption) via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome (CVE-2011-1071).
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 (CVE-2011-1089).
locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function (CVE-2011-1095).
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 (CVE-2011-1659).
crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash (CVE-2011-2483).
The updated packages have been patched to correct these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 56953
published 2011-11-28
reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/56953
title Mandriva Linux Security Advisory : glibc (MDVSA-2011:178)

NASL family SuSE Local Security Checks
NASL id SUSE_11_4_APACHE2-MOD_PHP5-110907.NASL
description The blowfish password hashing implementation did not properly handle 8-bit characters in passwords, which made it easier for attackers to crack the hash (CVE-2011-2483). After this update existing hashes with id
last seen 2020-06-01
modified 2020-06-02
plugin id 75791
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75791
title openSUSE Security Update : apache2-mod_php5 (openSUSE-SU-2011:1138-1)

NASL family SuSE Local Security Checks
NASL id SUSE_GLIBC-BLOWFISH-7663.NASL
description The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods. (CVE-2011-2483) SUSE
last seen 2020-06-01
modified 2020-06-02
plugin id 58576
published 2012-04-03
reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/58576
title SuSE 10 Security Update : glibc (ZYPP Patch Number 7663)

NASL family SuSE Local Security Checks
NASL id SUSE_11_4_MAN-PAGES-110823.NASL
description The crypt(3) manpage was updated to also list the 2y prefix.
last seen 2020-06-01
modified 2020-06-02
plugin id 75943
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75943
title openSUSE Security Update : man-pages (openSUSE-SU-2011:0970-1)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_YAST2-CORE-110822.NASL
description This update contains yast2 core changes to change the hash generation of new passwords to the new secure style.
Please read the general notes below : The implementation of the blowfish based password hashing method had a bug affecting passwords that contain 8bit characters (e.g. umlauts). Affected passwords are potentially faster to crack via brute-force methods (CVE-2011-2483). SUSE
last seen 2020-06-01
modified 2020-06-02
plugin id 75781
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75781
title openSUSE Security Update : yast2-core (openSUSE-SU-2011:0921-2)

NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2011-1378.NASL
description Updated postgresql84 packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
PostgreSQL is an advanced object-relational database management system (DBMS).
A signedness issue was found in the way the crypt() function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to applications that store user passwords, hashed with Blowfish using the PostgreSQL crypt() function, in a back-end PostgreSQL database.
Unsafe processing can be re-enabled for specific passwords (allowing affected users to log in) by changing their hash prefix to
last seen 2020-06-01
modified 2020-06-02
plugin id 56534
published 2011-10-18
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56534
title RHEL 5 : postgresql84 (RHSA-2011:1378)

NASL family SuSE Local Security Checks
NASL id SUSE_11_3_LIBXCRYPT-110824.NASL
description The security update for CVE-2011-2483 broke changing blowfish passwords if compat mode was turned on (default). This update fixes the regression.
last seen 2020-06-01
modified 2020-06-02
plugin id 75631
published 2014-06-13
reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/75631
title openSUSE Security Update : libxcrypt (openSUSE-SU-2011:0972-1)

NASL family Oracle Linux Local Security Checks
NASL id ORACLELINUX_ELSA-2011-1423.NASL
description From Red Hat Security Advisory 2011:1423 : Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value.
(CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream
last seen 2020-06-01
modified 2020-06-02
plugin id 68382
published 2013-07-12
reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/68382
title Oracle Linux 5 / 6 : php / php53 (ELSA-2011-1423)

NASL family CentOS Local Security Checks
NASL id CENTOS_RHSA-2011-1423.NASL
description Updated php53 and php packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
A signedness issue was found in the way the PHP crypt() function handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character (one with the high bit set) had no effect on the hash result, thus shortening the effective password length. This made brute-force guessing more efficient as several different passwords were hashed to the same value. (CVE-2011-2483)
Note: Due to the CVE-2011-2483 fix, after installing this update some users may not be able to log in to PHP applications that hash passwords with Blowfish using the PHP crypt() function. Refer to the upstream
last seen 2020-06-01
modified 2020-06-02
plugin id 56695
published 2011-11-03
reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/56695
title CentOS 5 : php53 (CESA-2011:1423)
References
- http://www.openwall.com/crypt/
- http://www.php.net/archive/2011.php#id2011-08-18-1
- http://www.securityfocus.com/bid/49241
- http://www.php.net/ChangeLog-5.php#5.3.7
- http://php.net/security/crypt_blowfish
- http://freshmeat.net/projects/crypt_blowfish
- http://www.redhat.com/support/errata/RHSA-2011-1378.html
- http://www.postgresql.org/docs/8.4/static/release-8-4-9.html
- http://www.redhat.com/support/errata/RHSA-2011-1377.html
- http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html
- http://www.ubuntu.com/usn/USN-1229-1
- http://www.redhat.com/support/errata/RHSA-2011-1423.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:165
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:180
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:179
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:178
- http://www.debian.org/security/2011/dsa-2340
- http://support.apple.com/kb/HT5130
- http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
- http://www.debian.org/security/2012/dsa-2399
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- https://exchange.xforce.ibmcloud.com/vulnerabilities/69319