| Vulnerability Name: | CVE-2010-3074 (CCN-61461) | ||||||||||||||||||||||||||||||||||||
| Assigned: | 2010-08-26 | ||||||||||||||||||||||||||||||||||||
| Published: | 2010-08-26 | ||||||||||||||||||||||||||||||||||||
| Updated: | 2011-01-14 | ||||||||||||||||||||||||||||||||||||
| Summary: | SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack. | ||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) 1.7 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-310 | ||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Thu Aug 26 2010 Multiple Vulnerabilities in EncFS Source: FULLDISC Type: UNKNOWN 20100826 Multiple Vulnerabilities in EncFS Source: CONFIRM Type: UNKNOWN http://bugs.gentoo.org/show_bug.cgi?id=335938 Source: CONFIRM Type: UNKNOWN http://code.google.com/p/encfs/source/detail?r=59 Source: MITRE Type: CNA CVE-2010-3074 Source: FEDORA Type: UNKNOWN FEDORA-2010-14268 Source: FEDORA Type: UNKNOWN FEDORA-2010-14254 Source: FEDORA Type: UNKNOWN FEDORA-2010-14200 Source: SUSE Type: UNKNOWN SUSE-SR:2010:023 Source: CCN Type: SA41158 EncFS Multiple Weaknesses Source: SECUNIA Type: Vendor Advisory 41158 Source: SECUNIA Type: Vendor Advisory 41478 Source: CONFIRM Type: UNKNOWN http://www.arg0.net/encfs Source: CCN Type: EncFS Web Site EncFS 1.7 -- August 29, 2010 Source: MLIST Type: UNKNOWN [oss-security] 20100905 CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS Source: MLIST Type: UNKNOWN [oss-security] 20100905 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS Source: MLIST Type: UNKNOWN [oss-security] 20100907 Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS Source: CCN Type: OSVDB ID: 68077 EncFS CBC Cipher Mode Watermarking Attack Weakness Source: CCN Type: BID-42779 EncFS Flawed CBC/CFB Cryptography Implementation Weaknesses Source: VUPEN Type: Vendor Advisory ADV-2010-2414 Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=630460 Source: XF Type: UNKNOWN encfs-watermarking-weak-security(61461) Source: SUSE Type: SUSE-SR:2010:023 SUSE Security Summary Report | ||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||