PT-2009-6604 · MySQL Server+2
Tomas Hoger · Published 2009-12-30 · Updated 2023-02-14 · CVE-2009-4484
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
yaSSL versions prior to 1.9.9
MySQL versions prior to 5.0.90
MySQL versions prior to 5.1.43
MySQL versions 5.5.x through 5.5.0-m2
Description
The issue allows remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field. This is due to multiple stack-based buffer overflows in the CertDecoder::GetName function.
Recommendations
For yaSSL versions prior to 1.9.9, update to version 1.9.9 or later.
For MySQL versions prior to 5.0.90, update to version 5.0.90 or later.
For MySQL versions prior to 5.1.43, update to version 5.1.43 or later.
For MySQL versions 5.5.x through 5.5.0-m2, update to a version later than 5.5.0-m2.
Exploit
Fix
RCE
DoS
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
MariaDB Server
MySQL Server
yaSSL