CVE-2011-3189

EUVD-2011-3154
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
phpphp
5.3.7
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
hardy
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74726
http://secunia.com/advisories/45678
http://support.apple.com/kb/HT5130
http://www.openwall.com/lists/oss-security/2011/08/23/4
http://www.php.net/ChangeLog-5.php#5.3.8
http://www.php.net/archive/2011.php#id2011-08-23-1
https://bugs.gentoo.org/show_bug.cgi?id=380261
https://bugs.php.net/bug.php?id=55439
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://osvdb.org/74726
http://secunia.com/advisories/45678
http://support.apple.com/kb/HT5130
http://www.openwall.com/lists/oss-security/2011/08/23/4
http://www.php.net/ChangeLog-5.php#5.3.8
http://www.php.net/archive/2011.php#id2011-08-23-1
https://bugs.gentoo.org/show_bug.cgi?id=380261
https://bugs.php.net/bug.php?id=55439
https://exchange.xforce.ibmcloud.com/vulnerabilities/69429