Vulnerability Description
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arg0 | Encfs | <= 1.6.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
- http://code.google.com/p/encfs/source/detail?r=59
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://secunia.com/advisories/41158Vendor Advisory
- http://secunia.com/advisories/41478Vendor Advisory
- http://www.openwall.com/lists/oss-security/2010/09/05/3
- http://www.openwall.com/lists/oss-security/2010/09/06/1
- http://www.openwall.com/lists/oss-security/2010/09/07/8
- http://www.vupen.com/english/advisories/2010/2414Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=630460
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
- http://code.google.com/p/encfs/source/detail?r=59
FAQ
What is CVE-2010-3073?
CVE-2010-3073 is a vulnerability with a CVSS score of 2.1 (LOW). SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users t...
How severe is CVE-2010-3073?
CVE-2010-3073 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3073?
Check the references section above for vendor advisories and patch information. Affected products include: Arg0 Encfs.