Vulnerability Details : CVE-2013-6394
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
Products affected by CVE-2013-6394
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtrabackup:2.1.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6394
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 16 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6394
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:P/A:N |
3.9
|
2.9
|
NIST |
CWE ids for CVE-2013-6394
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6394
-
http://www.openwall.com/lists/oss-security/2013/11/26/11
oss-security - Re: CVE Request: static IV used in Percona XtraBackup
-
http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
Percona XtraBackup 2.1.6Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html
openSUSE-SU-2014:0245-1: moderate: update for xtrabackup
-
http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html
openSUSE-SU-2013:1864-1: moderate: xtrabackup: update to 2.1.6
Jump to