VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3073
encfs: SSL_Cipher.cpp in EncFS before 1.7.0 does not prope...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3073

Original

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-09-17
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-20




Affected Product Tags
cpe:/a:arg0:encfs:1.4.0
cpe:/a:arg0:encfs:1.4.1
cpe:/a:arg0:encfs:1.4.1.1
cpe:/a:arg0:encfs:1.4.2
cpe:/a:arg0:encfs:1.5.0
cpe:/a:arg0:encfs:1.6.0 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

X Local [?]
Adjacent Network [?]
Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=630460




CONFIRM http://code.google.com/p/encfs/source/detail?r=59




FEDORA FEDORA-2010-14200




FEDORA FEDORA-2010-14254




FEDORA FEDORA-2010-14268




FULLDISC 20100826 Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




SECUNIA 41478




SECUNIA 41158




VUPEN ADV-2010-2414




Vulnerability Type Cryptographic Issues (CWE-310)




Copyright © 2010 JPCERT/CC All Rights Reserved.