CVE-2010-3074

{"id": "CVE-2010-3074", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-09-17T18:00:02.667", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html", "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=335938", "source": "secalert@redhat.com"}, {"url": "http://code.google.com/p/encfs/source/detail?r=59", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41158", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41478", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.arg0.net/encfs", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/05/3", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/06/1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/09/07/8", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2414", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=630460", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack."}, {"lang": "es", "value": "SSL_Cipher.cpp en EncFS anterior a v1.7.0 utiliza una combinaci\u00f3n inadecuada de un sistema de cifrado AES y un modo de cifrado CBC para sistemas de archivos cifrados, lo cual permite a usuarios locales obtener informaci\u00f3n sensible mediante un ataque de marca de agua."}], "lastModified": "2011-01-14T06:46:32.717", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arg0:encfs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B958CC56-A363-4A93-8AB7-4435FBB14373", "versionEndIncluding": "1.6.0"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A30A73A-DB18-4D44-85C1-9F6967A3EE5F"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F97913-1DF7-4F49-A86F-382D4C77C9C4"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8CA1DC0-1445-4F8C-8A0A-0131D2ACF54E"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4ED7EF13-E6EA-4E31-A4A8-067819DA854A"}, {"criteria": "cpe:2.3:a:arg0:encfs:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "755C05A8-A1E0-46AF-A4A6-BF01469B1AA1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}