CVE-2013-6394

Published: Dec 13, 2013Modified: Apr 29, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.

Affected (9)

Products: Percona: Xtrabackup · Opensuse: Opensuse

1 product

1 product

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Percona Xtrabackup	Up to 2.1.5
Percona Xtrabackup	Version 2.1.0 alpha1
Percona Xtrabackup	Version 2.1.0 beta1
Percona Xtrabackup	Version 2.1.0 rc1
Percona Xtrabackup	Version 2.1.1
Percona Xtrabackup	Version 2.1.2
Percona Xtrabackup	Version 2.1.3
Percona Xtrabackup	Version 2.1.4

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1

Related CWEs

References (8)

http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/11/26/11

Source: secalert@redhat.com

http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html

Source: secalert@redhat.com

PatchVendor Advisory

http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/11/26/11

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.