CVE-2010-3075 : EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which m

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

Published 2010-09-17 18:00:03

Updated 2010-09-20 04:00:00

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-3075

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-3075

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2010-3075

CWE-310

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-3075

http://www.vupen.com/english/advisories/2010/2414

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html

[SECURITY] Fedora 13 Update: fuse-encfs-1.7.2-1.fc13

CVEs referencing this url
http://www.arg0.net/encfs

EncFS | arg0-home

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/09/06/1

oss-security - Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

CVEs referencing this url
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html

[SECURITY] Fedora 14 Update: fuse-encfs-1.7.2-1.fc14

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/09/07/8

oss-security - Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html

[SECURITY] Fedora 12 Update: fuse-encfs-1.7.2-1.fc12

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2010/09/05/3

oss-security - CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=630460

630460 – (CVE-2010-3073, CVE-2010-3074, CVE-2010-3075) CVE-2010-3073 CVE-2010-3074 CVE-2010-3075 fuse-encfs: EncFS: Multiple flaws

CVEs referencing this url

Products affected by CVE-2010-3075

Arg0 » Encfs
Versions up to, including, (<=) 1.6.0
cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*
Matching versions
Arg0 » Encfs » Version: 1.4.0
cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*
Matching versions
Arg0 » Encfs » Version: 1.5.0
cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*
Matching versions
Arg0 » Encfs » Version: 1.4.2
cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*
Matching versions
Arg0 » Encfs » Version: 1.4.1.1
cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*
Matching versions
Arg0 » Encfs » Version: 1.4.1
cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2010-3075

Exploit prediction scoring system (EPSS) score for CVE-2010-3075

CVSS scores for CVE-2010-3075

CWE ids for CVE-2010-3075

References for CVE-2010-3075

Products affected by CVE-2010-3075