#VU33601 Cryptographic issues in MariaDB and mysql - CVE-2016-7440

Cybersecurity Help s.r.o.

Published: 2016-12-13 | Updated: 2020-08-04

Vulnerability identifier: #VU33601

Vulnerability risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-7440

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MariaDB
Server applications / Database software
mysql

Vendor: MariaDB Foundation
Google

Description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MariaDB: 10.0.27

mysql: 5.1 - 10.0.27

External links
https://www.debian.org/security/2016/dsa-3706
https://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
https://www.securityfocus.com/bid/93659
https://www.securitytracker.com/id/1037050
https://mariadb.com/kb/en/mariadb/mariadb-10028-release-notes/
https://wolfssl.com/wolfSSL/Blog/Entries/2016/9/26_wolfSSL_3.9.10_Vulnerability_Fixes.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Cryptographic issues in MariaDB

Cryptographic issues in mariadb (Alpine package)

SUSE Linux update for mysql