Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2009-4484 First vendor Publication 2009-12-30
Vendor Cve Last vendor Modification 2023-02-14

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13088
 
Oval ID: oval:org.mitre.oval:def:13088
Title: USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities
Description: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile
Family: unix Class: patch
Reference(s): USN-897-1
CVE-2008-4098
CVE-2008-4456
CVE-2008-7247
CVE-2009-2446
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Ubuntu 8.04
Ubuntu 8.10
Ubuntu 9.10
Ubuntu 6.06
Ubuntu 9.04
Product(s): mysql-dfsg-5.0
mysql-dfsg-5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20084
 
Oval ID: oval:org.mitre.oval:def:20084
Title: DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server.
Family: unix Class: patch
Reference(s): DSA-1997-1
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6799
 
Oval ID: oval:org.mitre.oval:def:6799
Title: DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field.
Family: unix Class: patch
Reference(s): DSA-1997
CVE-2009-4019
CVE-2009-4030
CVE-2009-4484
Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
Product(s): mysql-dfsg-5.0
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 5
Application 324
Application 1
Os 9
Os 3

OpenVAS Exploits

Date Description
2012-03-16 Name : Ubuntu Update for mysql-5.1 USN-1397-1
File : nvt/gb_ubuntu_USN_1397_1.nasl
2012-02-12 Name : Gentoo Security Advisory GLSA 201201-02 (MySQL)
File : nvt/glsa_201201_02.nasl
2010-02-15 Name : Ubuntu Update for MySQL vulnerabilities USN-897-1
File : nvt/gb_ubuntu_USN_897_1.nasl
2010-01-11 Name : MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability
File : nvt/mysql_37640.nasl
2010-01-04 Name : MySQL Server Buffer Overflow Vulnerability (Linux)
File : nvt/secpod_mysql_bof_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
61956 yaSSL Certificate Name Handling Overflow

Snort® IPS/IDS

Date Description
2014-01-10 yaSSL library cert parsing stack overflow attempt
RuleID : 16385 - Revision : 7 - Type : SERVER-MYSQL

Nessus® Vulnerability Scanner

Date Description
2012-03-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO
2012-01-18 Name : The remote database server is affected by several buffer overflow vulnerabili...
File : mysql_5_1_43_yaSSL.nasl - Type : ACT_GATHER_INFO
2012-01-06 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6899.nasl - Type : ACT_GATHER_INFO
2010-03-19 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_mysql-6897.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1997.nasl - Type : ACT_GATHER_INFO
2010-02-11 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/37640
http://www.securityfocus.com/bid/37943
http://www.securityfocus.com/bid/37974
CONFIRM http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
http://bugs.mysql.com/bug.php?id=50227
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html
http://www.yassl.com/news.html#yassl199
http://www.yassl.com/release.html
http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1...
https://bugzilla.redhat.com/show_bug.cgi?id=555313
DEBIAN http://www.debian.org/security/2010/dsa-1997
MISC http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
http://intevydis.com/mysql_demo.html
http://intevydis.com/mysql_overflow1.py.txt
http://intevydis.com/vd-list.shtml
http://isc.sans.org/diary.html?storyid=7900
http://www.intevydis.com/blog/?p=106
http://www.intevydis.com/blog/?p=57
http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname
MLIST http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html
http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html
http://lists.mysql.com/commits/96697
OSVDB http://www.osvdb.org/61956
SECTRACK http://securitytracker.com/id?1023402
http://securitytracker.com/id?1023513
SECUNIA http://secunia.com/advisories/37493
http://secunia.com/advisories/38344
http://secunia.com/advisories/38364
http://secunia.com/advisories/38517
http://secunia.com/advisories/38573
UBUNTU http://ubuntu.com/usn/usn-897-1
http://www.ubuntu.com/usn/USN-1397-1
VUPEN http://www.vupen.com/english/advisories/2010/0233
http://www.vupen.com/english/advisories/2010/0236
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/55416

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
Date Informations
2023-02-15 05:29:04
  • Multiple Updates
2021-05-05 01:06:36
  • Multiple Updates
2021-05-04 12:10:53
  • Multiple Updates
2021-04-22 01:11:23
  • Multiple Updates
2020-11-10 00:22:46
  • Multiple Updates
2020-05-23 13:16:54
  • Multiple Updates
2020-05-23 00:24:45
  • Multiple Updates
2018-01-05 09:23:05
  • Multiple Updates
2017-08-17 09:22:49
  • Multiple Updates
2016-06-28 17:56:18
  • Multiple Updates
2016-04-26 19:21:04
  • Multiple Updates
2014-02-17 10:52:47
  • Multiple Updates
2014-01-19 21:26:24
  • Multiple Updates
2013-05-11 00:03:12
  • Multiple Updates