PT-2012-3948 · Debian+2
Kurt Seifried · Published 2012-08-07 · Updated 2012-08-08 · CVE-2012-2317
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
PHP versions 5.3.x through 5.3.2
php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze
php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS
php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04
Description
The issue arises from the improper handling of an empty salt string in the PHP crypt function, potentially allowing remote attackers to bypass authentication in applications that rely on this function for password hashing.
Recommendations
For PHP 5.3.x, update to version 5.3.3 or later.
For Debian GNU/Linux squeeze, update the php5 package to 5.3.3-7+squeeze4 or later.
For Ubuntu 10.04 LTS, update the php5 package to 5.3.2-1ubuntu4.17 or later.
For Ubuntu 11.04, update the php5 package to 5.3.5-1ubuntu7.10 or later.
Fix
Affected products
Debian
PHP
Ubuntu