Lucene search

K

RedhatCVELIST:CVE-2010-3075

HistorySep 17, 2010 - 5:46 p.m.

CVE-2010-3075

2010-09-1717:46:00

redhat

www.cve.org

3

AI Score

5.5

Confidence

Low

EPSS

0

Percentile

5.1%

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

References

archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html

lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html

secunia.com/advisories/41158

secunia.com/advisories/41478

www.arg0.net/encfs

www.openwall.com/lists/oss-security/2010/09/05/3

www.openwall.com/lists/oss-security/2010/09/06/1

www.openwall.com/lists/oss-security/2010/09/07/8

www.vupen.com/english/advisories/2010/2414

bugzilla.redhat.com/show_bug.cgi?id=630460

AI Score

5.5

Confidence

Low

EPSS

0

Percentile

5.1%

Related for CVELIST:CVE-2010-3075

cve1 ubuntucve1 debiancve1 prion1 nvd1 nessus6