CVE-2010-3075
N/A
N/A
Summary
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/41158
- https://bugzilla.redhat.com/show_bug.cgi?id=630460
- http://secunia.com/advisories/41478
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
- http://www.openwall.com/lists/oss-security/2010/09/05/3
- http://www.openwall.com/lists/oss-security/2010/09/07/8
- http://www.openwall.com/lists/oss-security/2010/09/06/1
- http://www.vupen.com/english/advisories/2010/2414
- http://www.arg0.net/encfs
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
References
- http://secunia.com/advisories/41158
- https://bugzilla.redhat.com/show_bug.cgi?id=630460
- http://secunia.com/advisories/41478
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
- http://www.openwall.com/lists/oss-security/2010/09/05/3
- http://www.openwall.com/lists/oss-security/2010/09/07/8
- http://www.openwall.com/lists/oss-security/2010/09/06/1
- http://www.vupen.com/english/advisories/2010/2414
- http://www.arg0.net/encfs
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.