CVE-2014-3462

Опубликовано: 07 авг. 2017

Источник: debian

EPSS Низкий

Описание

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
encfs	fixed	1.8.1-1		package
encfs	no-dsa		jessie	package
encfs	no-dsa		squeeze	package
encfs	no-dsa		wheezy	package

Примечания

Shortcoming documented in 1.7.4-4
https://defuse.ca/audits/encfs.htm
Upstream issue: https://github.com/vgough/encfs/issues/14
https://github.com/vgough/encfs/commit/9d06412f1c68b0607f27f2a4434a2801fa807a2d (v1.8.1)

EPSS

Процентиль: 77%

0.01089

Низкий

Связанные уязвимости

CVE-2014-3462

CVSS3: 7.5

ubuntu

больше 8 лет назад

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

CVE-2014-3462

CVSS3: 7.5

nvd

больше 8 лет назад

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

openSUSE-SU-2017:0158-1

suse-cvrf

около 9 лет назад

Security update for encfs

GHSA-j5m4-rhm6-f24f

CVSS3: 7.5

github

больше 3 лет назад

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

EPSS

Процентиль: 77%

0.01089

Низкий