FreeBSD Security Advisory (Crypt)

The FreeBSD Security Team has identified an issue in crypt and has issued the following security advisory: FreeBSD-SA-12:02.crypt (30/05/2012).

I. Background

The crypt(3) function performs password hashing with additional code added to deter key search attempts.

II. Problem Description

There is a programming error in the DES implementation used in crypt() when handling input that contains characters which cannot be represented in 7-bit ASCII.

III. Impact

When the input contains a character with only the most significant bit set (0x80), that character and all characters after it will be ignored.
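The following C sketch is an added example, not FreeBSD's crypt source and not taken from the advisory. It models the truncation under the assumption that the DES key setup shifts each password byte left by one bit and used the shifted value as its end-of-string test. The function names, the 8-byte key length and the sample passwords are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define KEYLEN 8 /* assumption: traditional DES crypt keys on at most 8 bytes */

/* Assumed model of the flawed loop: the pointer advances only while the
 * SHIFTED byte is non-zero, and 0x80 << 1 is 0 in 8 bits, so 0x80 is
 * mistaken for the terminating NUL and the rest of the key stays zero. */
static void key_setup_flawed(const char *pw, unsigned char out[KEYLEN])
{
    const unsigned char *p = (const unsigned char *)pw;
    for (int i = 0; i < KEYLEN; i++) {
        out[i] = (unsigned char)(*p << 1);
        if (out[i] != 0)
            p++;
    }
}

/* Corrected model: the end-of-string test looks at the ORIGINAL byte. */
static void key_setup_fixed(const char *pw, unsigned char out[KEYLEN])
{
    const unsigned char *p = (const unsigned char *)pw;
    for (int i = 0; i < KEYLEN; i++) {
        out[i] = (unsigned char)(*p << 1);
        if (*p != '\0')
            p++;
    }
}

/* Returns 1 when both passwords yield identical key material under `setup`. */
static int same_key(void (*setup)(const char *, unsigned char *),
                    const char *a, const char *b)
{
    unsigned char ka[KEYLEN], kb[KEYLEN];
    setup(a, ka);
    setup(b, kb);
    return memcmp(ka, kb, KEYLEN) == 0;
}

/* Audit helper: how many leading bytes influence the flawed key. */
static int effective_len_flawed(const char *pw)
{
    int n = 0;
    while (n < KEYLEN && (unsigned char)((unsigned char)pw[n] << 1) != 0)
        n++;
    return n;
}

int main(void)
{
    const char *a = "ab\x80" "cd", *b = "ab\x80" "zz"; /* constructed samples */
    printf("flawed: same=%d effective=%d\n", same_key(key_setup_flawed, a, b), effective_len_flawed(a));
    printf("fixed:  same=%d\n", same_key(key_setup_fixed, a, b));
    return 0;
}
```

An effective length shorter than the password flags a DES hash that was computed from a truncated password on an unpatched system and should be regenerated after the fix is applied.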

For a workaround and solution, check out the security advisory: FreeBSD-SA-12:02.crypt

About Gerard

Gerard is a keen user of open source operating systems and software. On this blog he shares FreeBSD news and links that he comes across.