CVE-2009-4484

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-4484
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html Broken Link
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 Broken Link
http://bugs.mysql.com/bug.php?id=50227 Exploit Issue Tracking Vendor Advisory
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html Broken Link
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html Broken Link
http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html Broken Link
http://intevydis.com/mysql_demo.html Broken Link
http://intevydis.com/mysql_overflow1.py.txt Broken Link
http://intevydis.com/vd-list.shtml Broken Link
http://isc.sans.org/diary.html?storyid=7900 Third Party Advisory
http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html Broken Link
http://lists.mysql.com/commits/96697 Patch Vendor Advisory
http://secunia.com/advisories/37493 Third Party Advisory
http://secunia.com/advisories/38344 Third Party Advisory
http://secunia.com/advisories/38364 Third Party Advisory
http://secunia.com/advisories/38517 Third Party Advisory
http://secunia.com/advisories/38573 Third Party Advisory
http://securitytracker.com/id?1023402 Third Party Advisory VDB Entry
http://securitytracker.com/id?1023513 Third Party Advisory VDB Entry
http://ubuntu.com/usn/usn-897-1 Third Party Advisory
http://www.debian.org/security/2010/dsa-1997 Third Party Advisory
http://www.intevydis.com/blog/?p=106 Broken Link
http://www.intevydis.com/blog/?p=57 Broken Link
http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname Third Party Advisory
http://www.osvdb.org/61956 Broken Link
http://www.securityfocus.com/bid/37640 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/37943 Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/37974 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1397-1 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0233 Third Party Advisory
http://www.vupen.com/english/advisories/2010/0236 Third Party Advisory
http://www.yassl.com/news.html#yassl199 Broken Link
http://www.yassl.com/release.html Broken Link
http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=555313 Issue Tracking Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/55416 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:oracle:mysql:5.0.0:milestone2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:wolfssl:yassl:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2009-12-30 21:30

Updated : 2024-02-28 11:41

NVD link : CVE-2009-4484

Mitre link : CVE-2009-4484

CVE.ORG link : CVE-2009-4484

JSON object : View

Products Affected

debian

  • debian_linux

mariadb

  • mariadb

canonical

  • ubuntu_linux

wolfssl

  • yassl

oracle

  • mysql
CWE
CWE-787

Out-of-bounds Write


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024