Vulnerability CVE-2012-2317

Vulnerability Name:

CVE-2012-2317 (CCN-77535)

Assigned:

2012-05-11

Published:

2012-05-11

Updated:

2012-08-08

Summary:

The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in the php5 package before 5.3.3-7+squeeze4 in Debian GNU/Linux squeeze, the php5 package before 5.3.2-1ubuntu4.17 in Ubuntu 10.04 LTS, and the php5 package before 5.3.5-1ubuntu7.10 in Ubuntu 11.04, does not properly handle an empty salt string, which might allow remote attackers to bypass authentication by leveraging an application that relies on the PHP crypt function to choose a salt for password hashing.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Bypass Security

References:

Source: CCN
Type: Debian Bug report logs - #581170
php5 crypt() does not complete with emtpy salt

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581170

Source: MITRE
Type: CNA
CVE-2012-2317

Source: MLIST
Type: UNKNOWN
[oss-security] 20120504 Debian/Ubuntu php_crypt_revamped.patch

Source: MLIST
Type: UNKNOWN
[oss-security] 20120505 Re: Debian/Ubuntu php_crypt_revamped.patch

Source: CCN
Type: OSVDB ID: 83111
PHP Empty Salt String Handling Remote Authentication Bypass

Source: CCN
Type: BID-54875
Debian 'php_crypt_revamped.patch' Patch Security Bypass Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-1481-1

Source: XF
Type: UNKNOWN
phpcryptrevampedpatch-sec-bypass(77535)

Vulnerable Configuration:

Configuration 1:

cpe:/a:debian:php5-common:*:*:*:*:*:*:*:* (Version <= 5.3.2-1)

OR cpe:/a:debian:php5-common:5.3.3-7+squeeze4:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:canonical:php5:*:*:*:*:*:*:*:* (Version <= 5.3.2-1ubuntu4.16)

OR cpe:/a:canonical:php5:5.3.2-1ubuntu4.17:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*

Configuration 3:

cpe:/a:canonical:php5:*:*:*:*:*:*:*:* (Version <= 5.3.5-1ubuntu7.9)

OR cpe:/a:canonical:php5:5.3.5-1ubuntu7.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:debian:debian_linux:*:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*

OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

OR cpe:/a:debian:php5-common:5.3.3-7+squeeze4:*:*:*:*:*:*:*

OR cpe:/a:debian:php5-common:5.3.2-1:*:*:*:*:*:*:*

OR cpe:/a:canonical:php5:5.3.2-1ubuntu4.17:*:*:*:*:*:*:*

OR cpe:/a:canonical:php5:5.3.2-1ubuntu4.16:*:*:*:*:*:*:*

OR cpe:/a:canonical:php5:5.3.5-1ubuntu7.10:*:*:*:*:*:*:*

OR cpe:/a:canonical:php5:5.3.5-1ubuntu7.9:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:17519	P	USN-1481-1 -- php5 vulnerabilities	2014-06-30
oval:com.ubuntu.precise:def:20122317000	V	CVE-2012-2317 on Ubuntu 12.04 LTS (precise) - low.	2012-08-07

BACK