CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
References
Link Resource
http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/05/14/2 Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1097537 Issue Tracking Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201512-09 Third Party Advisory VDB Entry
Configurations

Configuration 1

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2

cpe:2.3:a:encfs_project:encfs:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:08

Type | Values Removed | Values Added
References | () http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html - Third Party Advisory | () http://lists.opensuse.org/opensuse-updates/2017-01/msg00090.html - Third Party Advisory
References | () http://www.openwall.com/lists/oss-security/2014/05/14/2 - Mailing List, Third Party Advisory | () http://www.openwall.com/lists/oss-security/2014/05/14/2 - Mailing List, Third Party Advisory
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1097537 - Issue Tracking, Third Party Advisory, VDB Entry | () https://bugzilla.redhat.com/show_bug.cgi?id=1097537 - Issue Tracking, Third Party Advisory, VDB Entry
References | () https://security.gentoo.org/glsa/201512-09 - Third Party Advisory, VDB Entry | () https://security.gentoo.org/glsa/201512-09 - Third Party Advisory, VDB Entry

Information

Published : 2017-08-07 20:29

Updated : 2024-11-21 02:08


NVD link : CVE-2014-3462

Mitre link : CVE-2014-3462

CVE.ORG link : CVE-2014-3462


Products Affected

opensuse

  • leap
  • opensuse

encfs_project

  • encfs
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor