CVE-2010-3073 Information

Feb 14, 2021 cve

Description

SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html http://code.google.com/p/encfs/source/detail?r=59 http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html http://secunia.com/advisories/41158 http://secunia.com/advisories/41478 http://www.openwall.com/lists/oss-security/2010/09/05/3 http://www.openwall.com/lists/oss-security/2010/09/06/1 http://www.openwall.com/lists/oss-security/2010/09/07/8 http://www.vupen.com/english/advisories/2010/2414 https://bugzilla.redhat.com/show_bug.cgi?id=630460

Share on: