Vulnerability Details : CVE-2009-4484
Public exploit exists!
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2009-4484
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.0:milestone1:*:*:*:*:*:*
- cpe:2.3:a:oracle:mysql:5.0.0:milestone2:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:wolfssl:yassl:*:*:*:*:*:*:*:*
Threat overview for CVE-2009-4484
Top open port discovered on systems with this issue: 8200
IPs affected by CVE-2009-4484: 369
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-4484
EPSS score: 95.77% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2009-4484
- MySQL yaSSL CertDecoder::GetName Buffer Overflow
  Disclosure Date: 2010-01-25. First seen: 2020-04-26. Module: exploit/linux/mysql/mysql_yassl_getname
  This module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetNam
CVSS scores for CVE-2009-4484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2009-4484
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-4484
- Red Hat, 2010-01-26: Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. The packages use OpenSSL and not yaSSL.
References for CVE-2009-4484
- http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname [Third Party Advisory]
- http://www.debian.org/security/2010/dsa-1997 [Third Party Advisory]
- http://www.yassl.com/release.html [Broken Link]
- http://ubuntu.com/usn/usn-897-1 [Third Party Advisory]
- http://intevydis.com/mysql_demo.html [Broken Link]
- http://isc.sans.org/diary.html?storyid=7900 [Third Party Advisory]
- http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 [Broken Link]
- http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html [Broken Link]
- https://bugzilla.redhat.com/show_bug.cgi?id=555313 [Issue Tracking; Third Party Advisory]
- http://securitytracker.com/id?1023513 [Third Party Advisory; VDB Entry]
- http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html [Broken Link]
- http://lists.mysql.com/commits/96697 [Patch; Vendor Advisory]
- http://www.ubuntu.com/usn/USN-1397-1 "USN-1397-1: MySQL vulnerabilities | Ubuntu security notices" [Third Party Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55416 [Third Party Advisory; VDB Entry]
- http://www.intevydis.com/blog/?p=106 [Broken Link]
- http://www.vupen.com/english/advisories/2010/0233 [Third Party Advisory]
- http://www.yassl.com/news.html#yassl199 [Broken Link]
- http://www.securityfocus.com/bid/37943 "MySQL with yaSSL SSL Certificate Handling Remote Stack Buffer Overflow Vulnerability" [Third Party Advisory; VDB Entry]
- http://www.vupen.com/english/advisories/2010/0236 [Third Party Advisory]
- http://www.intevydis.com/blog/?p=57 [Broken Link]
- http://www.securityfocus.com/bid/37640 "MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability" [Third Party Advisory; VDB Entry]
- http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14 [Third Party Advisory]
- http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html [Broken Link]
- http://bugs.mysql.com/bug.php?id=50227 [Exploit; Issue Tracking; Vendor Advisory]
- http://intevydis.com/mysql_overflow1.py.txt [Broken Link]
- http://securitytracker.com/id?1023402 [Third Party Advisory; VDB Entry]
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html [Broken Link]
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html [Broken Link]
- http://www.securityfocus.com/bid/37974 "RETIRED: yaSSL SSL Certificate Handling Remote Buffer Overflow Vulnerability" [Third Party Advisory; VDB Entry]