VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-3075
encfs: EncFS before 1.7.0 encrypts multiple blocks by mean...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3075

Original

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-09-17
Source Information Category:
Advisory, Alert
Last Updated:
2010-09-20




Affected Product Tags
cpe:/a:arg0:encfs:1.4.0
cpe:/a:arg0:encfs:1.4.1
cpe:/a:arg0:encfs:1.4.1.1
cpe:/a:arg0:encfs:1.4.2
cpe:/a:arg0:encfs:1.5.0
cpe:/a:arg0:encfs:1.6.0 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=630460




CONFIRM http://www.arg0.net/encfs




FEDORA FEDORA-2010-14200




FEDORA FEDORA-2010-14254




FEDORA FEDORA-2010-14268




FULLDISC 20100826 Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




MLIST [oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS




SECUNIA 41478




SECUNIA 41158




VUPEN ADV-2010-2414




Vulnerability Type Cryptographic Issues (CWE-310)




Copyright © 2010 JPCERT/CC All Rights Reserved.