Description
SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Micha Riser · text · local · linux
https://www.exploit-db.com/exploits/34537
References (13)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41158
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=630460
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41478
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2414
Issue Tracking x_refsource_confirm
http://code.google.com/p/encfs/source/detail?r=59
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/05/3
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/07/8
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/09/06/1
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
Scores
EPSS
0.0016
EPSS Percentile
36.4%
Details
CWE
CWE-310
Status
published
Products (6)
arg0/encfs
1.4.0
arg0/encfs
1.4.1
arg0/encfs
1.4.1.1
arg0/encfs
1.4.2
arg0/encfs
1.5.0
arg0/encfs
< 1.6.0
Published
Sep 17, 2010
Tracked Since
Feb 18, 2026