CVE-2010-3074

Severity

21%

Complexity

39%

Confidentiality

48%

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

arg0 EncFS

First reported 14 years ago

2010-09-17 18:00:00

Last updated 14 years ago

2011-01-14 06:46:00

Affected Software

arg0 EncFS 1.4.0

1.4.0

arg0 EncFS 1.4.1

1.4.1

arg0 EncFS 1.4.1.1

1.4.1.1

arg0 EncFS 1.4.2

1.4.2

arg0 EncFS 1.5.0

1.5.0

References

20100826 Multiple Vulnerabilities in EncFS

http://bugs.gentoo.org/show_bug.cgi?id=335938

http://code.google.com/p/encfs/source/detail?r=59

FEDORA-2010-14268

FEDORA-2010-14254

FEDORA-2010-14200

SUSE-SR:2010:023

41158

Vendor Advisory

41478

Vendor Advisory

http://www.arg0.net/encfs

[oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

[oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

[oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

ADV-2010-2414

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=630460

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.