Vulnerabilities > CVE-2010-3075 - Cryptographic Issues vulnerability in Arg0 Encfs

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
arg0
CWE-310
nessus

Summary

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.

Vulnerable Configurations

Part Description Count
Application
Arg0
6

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14200.NASL
    descriptionVer. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49241
    published2010-09-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49241
    titleFedora 14 : fuse-encfs-1.7.2-1.fc14 (2010-14200)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-14200.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49241);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-3073", "CVE-2010-3074", "CVE-2010-3075");
      script_bugtraq_id(42779);
      script_xref(name:"FEDORA", value:"2010-14200");
    
      script_name(english:"Fedora 14 : fuse-encfs-1.7.2-1.fc14 (2010-14200)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ver. 1.7.2
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=630460"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047825.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b0e3d4b9"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fuse-encfs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fuse-encfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:14");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^14([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 14.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC14", reference:"fuse-encfs-1.7.2-1.fc14")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse-encfs");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14254.NASL
    descriptionVer. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49244
    published2010-09-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49244
    titleFedora 12 : fuse-encfs-1.7.2-1.fc12 (2010-14254)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-14254.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49244);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:31");
    
      script_cve_id("CVE-2010-3073", "CVE-2010-3074", "CVE-2010-3075");
      script_bugtraq_id(42779);
      script_xref(name:"FEDORA", value:"2010-14254");
    
      script_name(english:"Fedora 12 : fuse-encfs-1.7.2-1.fc12 (2010-14254)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ver. 1.7.2
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=630460"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/047798.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9ca1728f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fuse-encfs package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:fuse-encfs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC12", reference:"fuse-encfs-1.7.2-1.fc12")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fuse-encfs");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14268.NASL
    descriptionVer. 1.7.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49245
    published2010-09-16
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49245
    titleFedora 13 : fuse-encfs-1.7.2-1.fc13 (2010-14268)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_ENCFS-101206.NASL
    descriptionThis update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode.
    last seen2020-06-01
    modified2020-06-02
    plugin id53711
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53711
    titleopenSUSE Security Update : encfs (openSUSE-SU-2010:1028-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_ENCFS-101206.NASL
    descriptionThis update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode.
    last seen2020-06-01
    modified2020-06-02
    plugin id75476
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75476
    titleopenSUSE Security Update : encfs (openSUSE-SU-2010:1028-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_ENCFS-101206.NASL
    descriptionThis update of encfs fixes : - CVE-2010-3073: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Only 32 bit of file IV used - CVE-2010-3074: CVSS v2 Base Score: 1.9 (AV:L/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310): encfs Watermarking attack The patch for CVE-2010-3075 (Last block with single byte is insecure) was not applied because upstream disabled it by default, expect for expert mode.
    last seen2020-06-01
    modified2020-06-02
    plugin id53656
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53656
    titleopenSUSE Security Update : encfs (openSUSE-SU-2010:1028-1)