• MySQL yaSSL CertDecoder::GetName Buffer Overflow
    Disclosure Date: 2010-01-25
    First seen: 2020-04-26
    exploit/linux/mysql/mysql_yassl_getname
    This module exploits a stack buffer overflow in the yaSSL (1.9.8 and earlier) implementation bundled with MySQL. By sending a specially crafted client certificate, an attacker can execute arbitrary code. This vulnerability is present within the CertDecoder::GetName function inside "taocrypt/src/asn.cpp". However, the stack buffer that is written to exists within a parent function's stack frame. NOTE: This vulnerability requires a non-default configuration. First, the attacker must be able to pass the host-based authentication. Next, the server must be configured to listen on an accessible network interface. Lastly, the server must have been manually configured to use SSL. The binary from version 5.5.0-m2 was built with /GS and /SafeSEH. During testing on Windows XP SP3, these protections successfully prevented exploitation. Testing was also done with mysql on Ubuntu 9.04. Although the vulnerable code is present, both version 5.5.0-m2 built from source and version 5.0.75 from a binary package were not exploitable due to the use of the compiler's FORTIFY feature. Although suse11 was mentioned in the original blog post, the binary package they provide does not contain yaSSL or support SSL. Authors: - jduck <jduck@metasploit.com>
  • MySQL yaSSL SSL Hello Message Buffer Overflow
    Disclosure Date: 2008-01-04
    First seen: 2020-04-26
    exploit/linux/mysql/mysql_yassl_hello
    This module exploits a stack buffer overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
  • MySQL yaSSL SSL Hello Message Buffer Overflow
    Disclosure Date: 2008-01-04
    First seen: 2020-04-26
    exploit/windows/mysql/mysql_yassl_hello
    This module exploits a stack buffer overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code. Authors: - MC <mc@metasploit.com>
3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!