Upstream information

CVE-2014-3462 at MITRE

Description

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
| | National Vulnerability Database | SUSE |
|---|---|---|
| Base Score | 5 | 4.4 |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N | AV:L/AC:M/Au:S/C:N/I:C/A:N |
| Access Vector | Network | Local |
| Access Complexity | Low | Medium |
| Authentication | None | Single |
| Confidentiality Impact | Partial | None |
| Integrity Impact | None | Complete |
| Availability Impact | None | None |

SUSE Bugzilla entry: 878257 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Leap 42.1 | encfs >= 1.8.1-4.1; encfs-debuginfo >= 1.8.1-4.1; encfs-debugsource >= 1.8.1-4.1; encfs-lang >= 1.8.1-4.1 | Patchnames: openSUSE-2017-82 |
| openSUSE Leap 42.2 | encfs >= 1.8.1-5.1; encfs-debuginfo >= 1.8.1-5.1; encfs-debugsource >= 1.8.1-5.1; encfs-lang >= 1.8.1-5.1 | Patchnames: openSUSE-2017-82 |