7 matches found
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...
CVE-2014-3462
The CVE-2014-3462 issue affects encfs before 1.7.5, where the .encfs6.xml configuration file can be manipulated by setting blockMACBytes to 0 and increasing blockMACRandBytes by 8, enabling a remote attacker to access sensitive data. Public reports consistently describe this as a data disclosure ...
CVE-2014-3462
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"...
openSUSE Security Update : encfs (openSUSE-2017-82)
This update for encfs fixes the following issues : - A new option --require-macs was added to address CVE-2014-3462 boo878257 This will now trigger a warning if MAC headers were disabled via configuration. In addition, encfs was updated to 1.8.1 including all upstream improvements and fixes...
Mageia: Security Advisory (MGASA-2016-0026)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated encfs packages fix security vulnerability
A local attacker can utilize a possible buffer overflow in the encodeName method of StreamNameIO and BlockNameIO to execute arbitrary code or cause a Denial of Service. Also multiple weak cryptographics practices have been found in encfs CVE-2014-3462...