CVE-2010-3075

NameCVE-2010-3075
DescriptionEncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the last block contains only one byte.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs595998

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
encfs (PTS)bullseye1.9.5-1fixed
bookworm1.9.5-2fixed
forky, sid, trixie1.9.5-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
encfssource(unstable)1.7.2-1595998

Notes

[lenny] - encfs <no-dsa> (Not backportable, breaks backwards-compatibility)
Search for package or bug name: Reporting problems