A security flaw was found in the way DES and extended DES based crypt() password encryption function performed encryption of certain keys, when the key to be encrypted was provided in the Unicode encoding (certain keys were truncated before being DES digested). When the resulting ciphertext for such a previously shortened key was used as a pattern in a password protected resource, intended to be matched against subsequently encrypted value of the password field, retrieved from the user authentication dialog, it could lead to authentication bypass.
This issue affects the versions of the postgresql and postgresql84 packages, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the version of the posgresql package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the postgresql package, as shipped with Fedora release of 15 and 16.
Acknowledgements: Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of this issue.
This issue did NOT affect the version of the php package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the version of the php53 package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the version of the php package, as shipped with Red Hat Enterprise Linux 6. -- This issue affects the versions of the php package, as shipped with Fedora release of 15 and 16.
Relevant PHP upstream patch: http://git.php.net/?p=php-src.git;a=commitdiff;h=aab49e934de1fff046e659cbec46e3d053b41c34 FreeBSD advisory: http://security.freebsd.org/advisories/FreeBSD-SA-12:02.crypt.asc Relevant PostgreSQL upstream patch: http://git.postgresql.org/gitweb/?p=postgresql.git&a=commitdiff&h=932ded2ed51e8333852e370c7a6dad75d9f236f9
Created php tracking bugs for this issue Affects: fedora-all [bug 826607]
Created postgresql tracking bugs for this issue Affects: fedora-all [bug 826606]
Documented on PostgreSQL upstream security page: http://www.postgresql.org/support/security/ and corrected in 9.1.4, 9.0.8, 8.4.12, and 8.3.19 releases of PostgreSQL: http://www.postgresql.org/docs/9.1/static/release-9-1-4.html http://www.postgresql.org/docs/9.0/static/release-9-0-8.html http://www.postgresql.org/docs/8.4/static/release-8-4-12.html http://www.postgresql.org/docs/8.3/static/release-8-3-19.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1036 https://rhn.redhat.com/errata/RHSA-2012-1036.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:1037 https://rhn.redhat.com/errata/RHSA-2012-1037.html
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:1047 https://rhn.redhat.com/errata/RHSA-2012-1047.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:1046 https://rhn.redhat.com/errata/RHSA-2012-1046.html
php-5.4.4-1.fc17, maniadrive-1.2-41.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
php-5.3.14-1.fc16, php-eaccelerator-0.9.6.1-9.fc16.6, maniadrive-1.2-32.fc16.6 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Statement: This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 5 as it did not include FreeSec's libcrypt cryptographic algorithms implementation yet. This issue was addressed in php53 package for Red Hat Enterprise Linux 5 via RHSA-2012:1047 and in php package for Red Hat Enterprise Linux 6 via RHSA-2012:1046.