FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Incorrect crypt() hashing

Affected packages
7.4 <= FreeBSD < 7.4_8
8.1 <= FreeBSD < 8.1_10
8.2 <= FreeBSD < 8.2_8
8.3 <= FreeBSD < 8.3_2
9.0 <= FreeBSD < 9.0_2

Details

VuXML ID 185ff22e-c066-11e1-b5e0-000c299b62e1
Discovery 2012-05-30
Entry 2012-06-27

Problem description:

There is a programming error in the DES implementation used in crypt() when handling input which contains characters that cannot be represented with 7-bit ASCII.

When the input contains characters with only the most significant bit set (0x80), that character and all characters after it will be ignored.

References

CVE Name CVE-2012-2143
FreeBSD Advisory SA-12:02.crypt