PostgreSQL Global Development GroupPOSTGRESQL:CVE-2012-2143

HistoryJul 05, 2012 - 2:55 p.m.

Vulnerability in contrib module (CVE-2012-2143)

2012-07-0514:55:00

PostgreSQL Global Development Group

www.postgresql.org

580

0.002 Low

EPSS

Percentile

59.3%

JSON

Passwords containing the byte 0x80 passed to the crypt() function in pgcrypto are incorrectly truncated if DES encryption was used

CPENameOperatorVersion
postgresqllt9.1.4
postgresqllt9.0.8
postgresqllt8.3.19
postgresqllt8.4.12

Name	Operator	Version
postgresql	lt	9.1.4
postgresql	lt	9.0.8
postgresql	lt	8.3.19
postgresql	lt	8.4.12

References

/support/security/CVE-2012-2143/

freebsd

FreeBSD -- Incorrect crypt() hashing

2012-05-30 00:00:00

databases/postgresql*-server -- crypt vulnerabilities

2012-05-30 00:00:00

nessus

FreeBSD : databases/postgresql*-server -- crypt vulnerabilities (a8864f8f-aa9e-11e1-a284-0023ae8e59f0)

2012-05-31 00:00:00

Scientific Linux Security Update : postgresql on SL5.x i386/x86_64 (20120625)

2012-08-01 00:00:00

Amazon Linux AMI : postgresql9 (ALAS-2012-91)

2013-09-04 00:00:00

openvas

Amazon Linux: Security Advisory (ALAS-2012-91)

2015-09-08 00:00:00

FreeBSD Ports: FreeBSD

2012-08-10 00:00:00

RedHat Update for postgresql RHSA-2012:1036-01

2012-06-28 00:00:00

freebsd_advisory

FreeBSD-SA-12:02.crypt

2012-05-30 00:00:00

cve

CVE-2012-2143

2012-07-05 14:55:02

securityvulns

FreeBSD Security Advisory FreeBSD-SA-12:02.crypt

2012-05-31 00:00:00

FreeBSD crypt() implementation vulnerability

2012-05-31 00:00:00

PostgreSQL security vulnerabilities

2012-06-13 00:00:00

amazon

Medium: postgresql9

2012-06-19 16:02:00

Medium: php

2012-07-05 16:09:00

Medium: postgresql8

2012-07-05 16:08:00

prion

Default credentials

2012-07-05 14:55:00

centos

postgresql security update

2012-06-25 22:25:31

postgresql, postgresql84 security update

2012-06-25 22:38:39

php53 security update

2012-06-27 20:24:26

redhat

(RHSA-2012:1036) Moderate: postgresql security update

2012-06-25 00:00:00

(RHSA-2012:1037) Moderate: postgresql and postgresql84 security update

2012-06-25 00:00:00

(RHSA-2012:1046) Moderate: php security update

2012-06-27 00:00:00

cvelist

CVE-2012-2143

2012-07-05 14:00:00

oraclelinux

postgresql security update

2012-06-25 00:00:00

postgresql and postgresql84 security update

2012-06-25 00:00:00

php53 security update

2012-06-27 00:00:00

checkpoint_security

Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)

2012-06-02 21:00:00

nvd

CVE-2012-2143

2012-07-05 14:55:02

veracode

Authentication Bypass

2019-01-15 08:53:32

Denial Of Service (DoS)

2019-05-02 04:42:10

Denial Of Service (DoS)

2019-05-02 04:42:13

ubuntucve

CVE-2012-2143

2012-06-05 00:00:00

fedora

[SECURITY] Fedora 17 Update: postgresql-9.1.4-1.fc17

2012-06-15 12:27:43

[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.6

2012-07-02 22:31:44

[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16.6

2012-07-02 22:31:44

osv

postgresql-8.4 - several

2012-06-09 00:00:00

debian

[SECURITY] [DSA 2491-1] postgresql-8.4 security update

2012-06-09 11:57:54

ubuntu

PostgreSQL vulnerabilities

2012-06-05 00:00:00

PHP vulnerabilities

2012-06-19 00:00:00

suse

Security update for PHP5 (important)

2012-07-05 03:08:30

gentoo

PostgreSQL: Multiple vulnerabilities

2012-09-28 00:00:00

PHP: Multiple vulnerabilities

2012-09-24 00:00:00

K15903 : Multiple PHP vulnerabilities

2014-12-11 00:00:00

SOL15903 - Multiple PHP vulnerabilities

2014-12-11 00:00:00

Vulnerability in contrib module (CVE-2012-2143)

References

Related