what you don't know can hurt you

FreeBSD Security Advisory - Incorrect crypt() Hashing

FreeBSD Security Advisory - Incorrect crypt() Hashing
Posted May 30, 2012
Site security.freebsd.org

FreeBSD Security Advisory - There is a programming error in the DES implementation used in crypt() when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

tags | advisory
systems | freebsd
advisories | CVE-2012-2143
MD5 | e4d4e2b2811a3cf4254d7ba2637b5c40

FreeBSD Security Advisory - Incorrect crypt() Hashing

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:02.crypt Security Advisory
The FreeBSD Project

Topic: Incorrect crypt() hashing

Category: core
Module: libcrypt
Announced: 2012-05-30
Credits: Rubin Xu, Joseph Bonneau, Donting Yu
Affects: All supported versions of FreeBSD.
Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE)
2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8)
2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE)
2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2)
2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8)
2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10)
2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE)
2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2)
CVE Name: CVE-2012-2143

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

The crypt(3) function performs password hashing with additional code added
to deter key search attempts.

II. Problem Description

There is a programming error in the DES implementation used in crypt()
when handling input which contains characters that can not be represented
with 7-bit ASCII.

III. Impact

When the input contains characters with only the most significant bit set
(0x80), that character and all characters after it will be ignored.

IV. Workaround

No workaround is available, but systems not using crypt(), or which only
use it to handle 7-bit ASCII are not vulnerable. Note that, because
DES does not have the computational complexity to defeat brute force
search on modern computers, it is not recommended for new applications.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch
# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch.asc

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libcrypt
# make obj && make depend && make && make install

NOTE: On the amd64 platform, the above procedure will not update the
lib32 (i386 compatibility) libraries. On amd64 systems where the i386
compatibility libraries are used, the operating system should instead
be recompiled as described in
<URL:http://www.FreeBSD.org/handbook/makeworld.html>

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_7
src/secure/lib/libcrypt/crypt-des.c 1.16.24.1
RELENG_7_4
src/UPDATING 1.507.2.36.2.10
src/sys/conf/newvers.sh 1.72.2.18.2.13
src/secure/lib/libcrypt/crypt-des.c 1.16.40.2
RELENG_8
src/secure/lib/libcrypt/crypt-des.c 1.16.36.2
RELENG_8_3
src/UPDATING 1.632.2.26.2.4
src/sys/conf/newvers.sh 1.83.2.15.2.6
src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.8.2
RELENG_8_2
src/UPDATING 1.632.2.19.2.10
src/sys/conf/newvers.sh 1.83.2.12.2.13
src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.6.2
RELENG_8_1
src/UPDATING 1.632.2.14.2.13
src/sys/conf/newvers.sh 1.83.2.10.2.14
src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.4.2
RELENG_9
src/secure/lib/libcrypt/crypt-des.c 1.16.42.2
RELENG_9_0
src/UPDATING 1.702.2.4.2.4
src/sys/conf/newvers.sh 1.95.2.4.2.6
src/secure/lib/libcrypt/crypt-des.c 1.16.42.1.2.2
- -------------------------------------------------------------------------

Subversion:

Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r236304
releng/7.4/ r236304
stable/8/ r236304
releng/8.3/ r236304
releng/8.2/ r236304
releng/8.1/ r236304
stable/9/ r236304
releng/9.0/ r236304
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:02.crypt.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)

iEYEARECAAYFAk/GEsoACgkQFdaIBMps37JSYQCfZGZceQY4D53qgR9JbI79ZNht
/GIAnjnhxlCnF27cWOhqxkkTWM6f45IM
=7CVu
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    33 Files
  • 2
    Feb 2nd
    30 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    8 Files
  • 5
    Feb 5th
    11 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    1 Files
  • 8
    Feb 8th
    37 Files
  • 9
    Feb 9th
    15 Files
  • 10
    Feb 10th
    11 Files
  • 11
    Feb 11th
    26 Files
  • 12
    Feb 12th
    8 Files
  • 13
    Feb 13th
    1 Files
  • 14
    Feb 14th
    1 Files
  • 15
    Feb 15th
    9 Files
  • 16
    Feb 16th
    33 Files
  • 17
    Feb 17th
    6 Files
  • 18
    Feb 18th
    10 Files
  • 19
    Feb 19th
    20 Files
  • 20
    Feb 20th
    1 Files
  • 21
    Feb 21st
    1 Files
  • 22
    Feb 22nd
    17 Files
  • 23
    Feb 23rd
    15 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    28 Files
  • 26
    Feb 26th
    25 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close