Vulnerability Details CVE-2013-6394
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.9%
CVSS Severity
CVSS v2 Score 2.1
References
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
- http://www.openwall.com/lists/oss-security/2013/11/26/11
- http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
- http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
- http://www.openwall.com/lists/oss-security/2013/11/26/11
- http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
Products affected by CVE-2013-6394
-
cpe:2.3:a:percona:xtrabackup:1.4
-
cpe:2.3:a:percona:xtrabackup:1.6
-
cpe:2.3:a:percona:xtrabackup:1.6.2
-
cpe:2.3:a:percona:xtrabackup:1.6.3
-
cpe:2.3:a:percona:xtrabackup:1.6.4
-
cpe:2.3:a:percona:xtrabackup:1.6.5
-
cpe:2.3:a:percona:xtrabackup:1.6.6
-
cpe:2.3:a:percona:xtrabackup:1.6.7
-
cpe:2.3:a:percona:xtrabackup:1.9.0
-
cpe:2.3:a:percona:xtrabackup:1.9.1
-
cpe:2.3:a:percona:xtrabackup:1.9.2
-
cpe:2.3:a:percona:xtrabackup:2.0.0
-
cpe:2.3:a:percona:xtrabackup:2.0.1
-
cpe:2.3:a:percona:xtrabackup:2.0.2
-
cpe:2.3:a:percona:xtrabackup:2.0.3
-
cpe:2.3:a:percona:xtrabackup:2.0.4
-
cpe:2.3:a:percona:xtrabackup:2.0.5
-
cpe:2.3:a:percona:xtrabackup:2.0.6
-
cpe:2.3:a:percona:xtrabackup:2.0.7
-
cpe:2.3:a:percona:xtrabackup:2.0.8
-
cpe:2.3:a:percona:xtrabackup:2.1.0
-
cpe:2.3:a:percona:xtrabackup:2.1.1
-
cpe:2.3:a:percona:xtrabackup:2.1.2
-
cpe:2.3:a:percona:xtrabackup:2.1.3
-
cpe:2.3:a:percona:xtrabackup:2.1.4
-
cpe:2.3:a:percona:xtrabackup:2.1.5
-
cpe:2.3:o:opensuse:opensuse:13.1