(Check Point Issues Fix for Check Point IPSO) FreeBSD crypt(3) Hash Generation Error May Generate Incorrect Hashes
|
|
SecurityTracker Alert ID: 1027118 |
|
SecurityTracker URL: http://securitytracker.com/id/1027118
|
|
CVE Reference:
CVE-2012-2143
(Links to External Site)
|
Date: Jun 5 2012
|
Impact:
Modification of authentication information, Modification of system information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): IPSO 6.2
|
Description:
A vulnerability was reported in FreeBSD. The system may generate incorrect hashes. Check Point IPSO is affected.
When the crypt(3) system call is hashing data that contains a character with only the most significant bit set (0x80), that character and all subsequent characters are ignored.
|
Impact:
The system may generate incorrect hashes.
|
Solution:
Check Point has issued a hotfix for Check Point IPSO 6.2 (formerly Nokia IPSO).
The Check Point advisory is available at:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640
|
Cause:
Input validation error, State error
|
Underlying OS:
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 05 Jun 2012 17:18:17 +0000
Subject: Check Point IPSO
|
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk75640
Check Point response to "libcrypt 'crypt()' Password Encryption Weakness" (CVE-2012-2143)
|
|
