Vulnerabilities > CVE-2010-3074 - Cryptographic Issues vulnerability in Arg0 Encfs
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a watermark attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-14200.NASL description Ver. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49241 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49241 title Fedora 14 : fuse-encfs-1.7.2-1.fc14 (2010-14200) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-14200. # include("compat.inc"); if (description) { script_id(49241); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-3073", "CVE-2010-3074", "CVE-2010-3075"); script_bugtraq_id(42779); script_xref(name:"FEDORA", value:"2010-14200"); script_name(english:"Fedora 14 : fuse-encfs-1.7.2-1.fc14 (2010-14200)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Ver. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630460" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b0e3d4b9" ); script_set_attribute( attribute:"solution", value:"Update the affected fuse-encfs package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fuse-encfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC14", reference:"fuse-encfs-1.7.2-1.fc14")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse-encfs"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-14254.NASL description Ver. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49244 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49244 title Fedora 12 : fuse-encfs-1.7.2-1.fc12 (2010-14254) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-14254. # include("compat.inc"); if (description) { script_id(49244); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-3073", "CVE-2010-3074", "CVE-2010-3075"); script_bugtraq_id(42779); script_xref(name:"FEDORA", value:"2010-14254"); script_name(english:"Fedora 12 : fuse-encfs-1.7.2-1.fc12 (2010-14254)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Ver. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=630460" ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9ca1728f" ); script_set_attribute( attribute:"solution", value:"Update the affected fuse-encfs package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fuse-encfs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"fuse-encfs-1.7.2-1.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse-encfs"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-14268.NASL description Ver. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 49245 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49245 title Fedora 13 : fuse-encfs-1.7.2-1.fc13 (2010-14268) NASL family SuSE Local Security Checks NASL id SUSE_11_2_ENCFS-101206.NASL description This update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode. last seen 2020-06-01 modified 2020-06-02 plugin id 53711 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53711 title openSUSE Security Update : encfs (openSUSE-SU-2010:1028-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_ENCFS-101206.NASL description This update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode. last seen 2020-06-01 modified 2020-06-02 plugin id 75476 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75476 title openSUSE Security Update : encfs (openSUSE-SU-2010:1028-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_ENCFS-101206.NASL description This update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode. last seen 2020-06-01 modified 2020-06-02 plugin id 53656 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53656 title openSUSE Security Update : encfs (openSUSE-SU-2010:1028-1)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html
- http://bugs.gentoo.org/show_bug.cgi?id=335938
- http://code.google.com/p/encfs/source/detail?r=59
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047794.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html
- http://secunia.com/advisories/41158
- http://secunia.com/advisories/41478
- http://www.arg0.net/encfs
- http://www.openwall.com/lists/oss-security/2010/09/05/3
- http://www.openwall.com/lists/oss-security/2010/09/06/1
- http://www.openwall.com/lists/oss-security/2010/09/07/8
- http://www.vupen.com/english/advisories/2010/2414
- https://bugzilla.redhat.com/show_bug.cgi?id=630460