Lucene search

[email protected]CVE-2009-4484

HistoryDec 30, 2009 - 9:30 p.m.

CVE-2009-4484

2009-12-3021:30:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2009-4484

stack-based buffer overflow

taocrypt

yassl

mysql

ssl connection

x.509 client certificate

memory corruption

denial of service

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

JSON

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Affected configurations

NVD

Node

oraclemysqlRange5.0.0–5.0.90

oraclemysqlRange5.1.0–5.1.43

oraclemysqlMatch5.0.0milestone1

oraclemysqlMatch5.0.0milestone2

Node

wolfsslyasslRange<1.9.9

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

Node

debiandebian_linuxMatch4.0

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

mariadbmariadbRange5.1–5.1.42

CPENameOperatorVersion
oracle:mysqloracle mysqllt5.0.90
oracle:mysqloracle mysqllt5.1.43
oracle:mysqloracle mysqleq5.0.0

CPE	Name	Operator	Version
oracle:mysql	oracle mysql	lt	5.0.90
oracle:mysql	oracle mysql	lt	5.1.43
oracle:mysql	oracle mysql	eq	5.0.0

References

archives.neohapsis.com/archives/dailydave/2010-q1/0002.html

bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1

bugs.mysql.com/bug.php?id=50227

dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html

dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html

intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html

intevydis.com/mysql_demo.html

intevydis.com/mysql_overflow1.py.txt

intevydis.com/vd-list.shtml

isc.sans.org/diary.html?storyid=7900

lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html

lists.mysql.com/commits/96697

secunia.com/advisories/37493

secunia.com/advisories/38344

secunia.com/advisories/38364

secunia.com/advisories/38517

secunia.com/advisories/38573

securitytracker.com/id?1023402

securitytracker.com/id?1023513

ubuntu.com/usn/usn-897-1

www.debian.org/security/2010/dsa-1997

www.intevydis.com/blog/?p=106

www.intevydis.com/blog/?p=57

www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname

www.osvdb.org/61956

www.securityfocus.com/bid/37640

www.securityfocus.com/bid/37943

www.securityfocus.com/bid/37974

www.ubuntu.com/usn/USN-1397-1

www.vupen.com/english/advisories/2010/0233

www.vupen.com/english/advisories/2010/0236

www.yassl.com/news.html#yassl199

www.yassl.com/release.html

yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14

bugzilla.redhat.com/show_bug.cgi?id=555313

exchange.xforce.ibmcloud.com/vulnerabilities/55416

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.8%

JSON

Related for CVE-2009-4484

prion1 nvd1 openvas9 checkpoint_advisories1 cbl_mariner1 cvelist1 nessus7 ubuntucve1 debian2 osv1 seebug1 ubuntu2 gentoo1