Vulnerabilities > CVE-2006-3123 - Local Denial Of Service vulnerability in Matt Blaze Cryptographic File System 1.4.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1138.NASL |
description | Carlo Contavalli discovered an integer overflow in CFS, a cryptographic filesystem, which allows local users to crash the encryption daemon. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22680 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22680 |
title | Debian DSA-1138-1 : cfs - integer overflow |
code |
|
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=371076
- http://secunia.com/advisories/21310
- http://secunia.com/advisories/21341
- http://www.debian.org/security/2006/dsa-1138
- http://www.securityfocus.com/bid/19320
- http://www.vupen.com/english/advisories/2006/3157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28288