CVE-2010-3073

{"id": "CVE-2010-3073", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-17T18:00:02.493", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html", "source": "secalert@redhat.com"}, {"url": "http://code.google.com/p/encfs/source/detail?r=59", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41158", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41478", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/05/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/06/1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/07/8", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2414", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms."}, {"lang": "es", "value": "SSL_Cipher.cpp en EncFS anterior a v1.7.0 no maneja adecuadamente los tama\u00f1os de los datos enteros cuando construye cabeceras destinadas a la aleatorizaci\u00f3n de los vectores de inicializaci\u00f3n, lo cual le hace m\u00e1s f\u00e1cil a los usuarios locales obtener informaci\u00f3n sensible para superar la protecci\u00f3n de mecanismos criptogr\u00e1ficos."}], "lastModified": "2011-01-14T06:46:32.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B958CC56-A363-4A93-8AB7-4435FBB14373", "versionEndIncluding": "1.6.0"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A30A73A-DB18-4D44-85C1-9F6967A3EE5F"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F97913-1DF7-4F49-A86F-382D4C77C9C4"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8CA1DC0-1445-4F8C-8A0A-0131D2ACF54E"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ED7EF13-E6EA-4E31-A4A8-067819DA854A"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "755C05A8-A1E0-46AF-A4A6-BF01469B1AA1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}