PT-2011-5225 · Suse+3 · Suse Linux Enterprise+4

Published

1970-01-01

·

Updated

2024-06-15

·

CVE-2011-2483

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise (affected versions not specified) crypt blowfish versions prior to 1.1 PHP versions prior to 5.3.7 PostgreSQL versions prior to 8.4.9
Description The issue is related to the handling of 8-bit characters in password hashes, making it easier for attackers to determine cleartext passwords. The vulnerability can be exploited remotely.
Recommendations For SUSE Linux Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For crypt blowfish, update to version 1.1 or later. For PHP, update to version 5.3.7 or later. For PostgreSQL, update to version 8.4.9 or later.
Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

BDU:2015-04548
BDU:2015-04549
BDU:2015-04550
BDU:2015-04551
BDU:2015-04552
BDU:2015-04553
BDU:2015-04554
BDU:2015-04555
BDU:2015-04556
BDU:2015-04557
BDU:2015-04558
BDU:2015-04559
BDU:2015-04560
BDU:2015-04561
BDU:2015-04562
BDU:2015-04563
BDU:2015-04564
BDU:2015-04565
BDU:2015-04566
BDU:2015-04567
BDU:2015-04568
CVE-2011-2483
DSA-2340-1
DSA-2399-1
OPENSUSE-SU-2024:10138-1
OPENSUSE-SU-2024:10312-1
RHSA-2011:1377
RHSA-2011:1378
RHSA-2011:1423
RHSA-2011_1377
RHSA-2011_1378
RHSA-2011_1423

Affected Products

Php
Postgresql
Red Hat
Suse Linux Enterprise
Suse