CVE-2011-2483

crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash.
References
Link Resource
http://freshmeat.net/projects/crypt_blowfish Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html Third Party Advisory
http://php.net/security/crypt_blowfish Third Party Advisory
http://support.apple.com/kb/HT5130 Third Party Advisory
http://www.debian.org/security/2011/dsa-2340 Third Party Advisory VDB Entry
http://www.debian.org/security/2012/dsa-2399 Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 Broken Link
http://www.openwall.com/crypt/ Mailing List Patch Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.3.7 Third Party Advisory
http://www.php.net/archive/2011.php#id2011-08-18-1 Patch Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-9.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1377.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1423.html Broken Link
http://www.securityfocus.com/bid/49241 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1229-1 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 Third Party Advisory VDB Entry
http://freshmeat.net/projects/crypt_blowfish Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html Third Party Advisory
http://php.net/security/crypt_blowfish Third Party Advisory
http://support.apple.com/kb/HT5130 Third Party Advisory
http://www.debian.org/security/2011/dsa-2340 Third Party Advisory VDB Entry
http://www.debian.org/security/2012/dsa-2399 Third Party Advisory VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 Broken Link
http://www.openwall.com/crypt/ Mailing List Patch Third Party Advisory
http://www.php.net/ChangeLog-5.php#5.3.7 Third Party Advisory
http://www.php.net/archive/2011.php#id2011-08-18-1 Patch Vendor Advisory
http://www.postgresql.org/docs/8.4/static/release-8-4-9.html Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-1377.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1378.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1423.html Broken Link
http://www.securityfocus.com/bid/49241 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1229-1 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:openwall:crypt_blowfish:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:28

Type Values Removed Values Added
References () http://freshmeat.net/projects/crypt_blowfish - Broken Link () http://freshmeat.net/projects/crypt_blowfish - Broken Link
References () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory
References () http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - Mailing List () http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html - Third Party Advisory
References () http://php.net/security/crypt_blowfish - Third Party Advisory () http://php.net/security/crypt_blowfish - Third Party Advisory
References () http://support.apple.com/kb/HT5130 - Third Party Advisory () http://support.apple.com/kb/HT5130 - Third Party Advisory
References () http://www.debian.org/security/2011/dsa-2340 - Third Party Advisory, VDB Entry () http://www.debian.org/security/2011/dsa-2340 - Third Party Advisory, VDB Entry
References () http://www.debian.org/security/2012/dsa-2399 - Third Party Advisory, VDB Entry () http://www.debian.org/security/2012/dsa-2399 - Third Party Advisory, VDB Entry
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 - Broken Link
References () http://www.openwall.com/crypt/ - Mailing List, Patch, Third Party Advisory () http://www.openwall.com/crypt/ - Mailing List, Patch, Third Party Advisory
References () http://www.php.net/ChangeLog-5.php#5.3.7 - Third Party Advisory () http://www.php.net/ChangeLog-5.php#5.3.7 - Third Party Advisory
References () http://www.php.net/archive/2011.php#id2011-08-18-1 - Patch, Vendor Advisory () http://www.php.net/archive/2011.php#id2011-08-18-1 - Patch, Vendor Advisory
References () http://www.postgresql.org/docs/8.4/static/release-8-4-9.html - Patch, Vendor Advisory () http://www.postgresql.org/docs/8.4/static/release-8-4-9.html - Patch, Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2011-1377.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-1377.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2011-1378.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-1378.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2011-1423.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-1423.html - Broken Link
References () http://www.securityfocus.com/bid/49241 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/49241 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-1229-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-1229-1 - Third Party Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - Third Party Advisory, VDB Entry

23 Apr 2024, 19:57

Type Values Removed Values Added
First Time Openwall
Openwall crypt Blowfish
CPE cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.2:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:solar_designer:crypt_blowfish:0.4:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
cpe:2.3:a:openwall:crypt_blowfish:*:*:*:*:*:*:*:*
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - Third Party Advisory () https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - Third Party Advisory, VDB Entry

25 Oct 2023, 20:23

Type Values Removed Values Added
CPE cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
First Time Postgresql
Postgresql postgresql
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1423.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1423.html - Broken Link
References (CONFIRM) http://support.apple.com/kb/HT5130 - (CONFIRM) http://support.apple.com/kb/HT5130 - Third Party Advisory
References (CONFIRM) http://www.php.net/archive/2011.php#id2011-08-18-1 - (CONFIRM) http://www.php.net/archive/2011.php#id2011-08-18-1 - Patch, Vendor Advisory
References (DEBIAN) http://www.debian.org/security/2012/dsa-2399 - (DEBIAN) http://www.debian.org/security/2012/dsa-2399 - Third Party Advisory, VDB Entry
References (CONFIRM) http://www.php.net/ChangeLog-5.php#5.3.7 - (CONFIRM) http://www.php.net/ChangeLog-5.php#5.3.7 - Third Party Advisory
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00015.html - Third Party Advisory
References (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - (CONFIRM) http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1378.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1378.html - Broken Link
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/69319 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/49241 - (BID) http://www.securityfocus.com/bid/49241 - Third Party Advisory, VDB Entry
References (APPLE) http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - (APPLE) http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html - Mailing List
References (MISC) http://freshmeat.net/projects/crypt_blowfish - (MISC) http://freshmeat.net/projects/crypt_blowfish - Broken Link
References (CONFIRM) http://www.openwall.com/crypt/ - Patch (CONFIRM) http://www.openwall.com/crypt/ - Mailing List, Patch, Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:165 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:180 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:178 - Broken Link
References (CONFIRM) http://www.postgresql.org/docs/8.4/static/release-8-4-9.html - (CONFIRM) http://www.postgresql.org/docs/8.4/static/release-8-4-9.html - Patch, Vendor Advisory
References (UBUNTU) http://www.ubuntu.com/usn/USN-1229-1 - (UBUNTU) http://www.ubuntu.com/usn/USN-1229-1 - Third Party Advisory
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:179 - Broken Link
References (CONFIRM) http://php.net/security/crypt_blowfish - (CONFIRM) http://php.net/security/crypt_blowfish - Third Party Advisory
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1377.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2011-1377.html - Broken Link
References (DEBIAN) http://www.debian.org/security/2011/dsa-2340 - (DEBIAN) http://www.debian.org/security/2011/dsa-2340 - Third Party Advisory, VDB Entry

Information

Published : 2011-08-25 14:22

Updated : 2024-11-21 01:28


NVD link : CVE-2011-2483

Mitre link : CVE-2011-2483

CVE.ORG link : CVE-2011-2483


JSON object : View

Products Affected

openwall

  • crypt_blowfish

php

  • php

postgresql

  • postgresql
CWE
CWE-310

Cryptographic Issues