Vulnerability Details : CVE-2010-3075
EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.
Exploit prediction scoring system (EPSS) score for CVE-2010-3075
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3075
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2010-3075
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3075
-
http://www.vupen.com/english/advisories/2010/2414
Webmail | OVH- OVHVendor Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
[SECURITY] Fedora 13 Update: fuse-encfs-1.7.2-1.fc13
-
http://www.arg0.net/encfs
EncFS | arg0-home
-
http://www.openwall.com/lists/oss-security/2010/09/06/1
oss-security - Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
[SECURITY] Fedora 14 Update: fuse-encfs-1.7.2-1.fc14
-
http://www.openwall.com/lists/oss-security/2010/09/07/8
oss-security - Re: CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
[SECURITY] Fedora 12 Update: fuse-encfs-1.7.2-1.fc12
-
http://www.openwall.com/lists/oss-security/2010/09/05/3
oss-security - CVE Request -- EncFS / fuse-encfs [three ids] -- Multiple Vulnerabilities in EncFS
-
https://bugzilla.redhat.com/show_bug.cgi?id=630460
630460 – (CVE-2010-3073, CVE-2010-3074, CVE-2010-3075) CVE-2010-3073 CVE-2010-3074 CVE-2010-3075 fuse-encfs: EncFS: Multiple flaws
Products affected by CVE-2010-3075
- cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*
- cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*