Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2009-4484 | First vendor Publication | 2009-12-30 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:13088 | |||
| Oval ID: | oval:org.mitre.oval:def:13088 | ||
| Title: | USN-897-1 -- mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities | ||
| Description: | It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This update alters table creation behaviour by disallowing the use of the MySQL data directory in DATA DIRECTORY and INDEX DIRECTORY options. This issue only affected Ubuntu 8.10. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. An attacker could place arbitrary web script or html in a database cell, which would then get placed in the html document output by the command-line tool. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use symlinks combined with the DATA DIRECTORY and INDEX DIRECTORY options to possibly bypass privilege checks. This issue only affected Ubuntu 9.10. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. An authenticated user could use specially crafted database names to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. An authenticated user could exploit this to make MySQL crash, causing a denial of service. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. A local user could use symlinks to create tables that pointed to tables known to be created at a later time, bypassing access restrictions. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 LTS and the default compiler options for affected releases should reduce the vulnerability to a denial of service. In the default installation, attackers would also be isolated by the AppArmor MySQL profile | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-897-1 CVE-2008-4098 CVE-2008-4456 CVE-2008-7247 CVE-2009-2446 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
| Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | mysql-dfsg-5.0 mysql-dfsg-5.1 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:20084 | |||
| Oval ID: | oval:org.mitre.oval:def:20084 | ||
| Title: | DSA-1997-1 mysql-dfsg-5.0 - several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the MySQL database server. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1997-1 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 | Product(s): | mysql-dfsg-5.0 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6799 | |||
| Oval ID: | oval:org.mitre.oval:def:6799 | ||
| Title: | DSA-1997 mysql-dfsg-5.0 -- several vulnerabilities | ||
| Description: | Several vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: Domas Mituzas discovered that mysqld does not properly handle errors during execution of certain SELECT statements with subqueries, and does not preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service via a crafted statement. Sergei Golubchik discovered that MySQL allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified DATA DIRECTORY or INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory. Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld, allow remote attackers to execute arbitrary code or cause a denial of service by establishing an SSL connection and sending an X.509 client certificate with a crafted name field. | ||
| Family: | unix | Class: | patch |
| Reference(s): | DSA-1997 CVE-2009-4019 CVE-2009-4030 CVE-2009-4484 | Version: | 5 |
| Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | mysql-dfsg-5.0 |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2012-03-16 | Name : Ubuntu Update for mysql-5.1 USN-1397-1 File : nvt/gb_ubuntu_USN_1397_1.nasl |
| 2012-02-12 | Name : Gentoo Security Advisory GLSA 201201-02 (MySQL) File : nvt/glsa_201201_02.nasl |
| 2010-02-15 | Name : Ubuntu Update for MySQL vulnerabilities USN-897-1 File : nvt/gb_ubuntu_USN_897_1.nasl |
| 2010-01-11 | Name : MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability File : nvt/mysql_37640.nasl |
| 2010-01-04 | Name : MySQL Server Buffer Overflow Vulnerability (Linux) File : nvt/secpod_mysql_bof_vuln_lin.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 61956 | yaSSL Certificate Name Handling Overflow |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | yaSSL library cert parsing stack overflow attempt RuleID : 16385 - Revision : 7 - Type : SERVER-MYSQL |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1397-1.nasl - Type : ACT_GATHER_INFO |
| 2012-01-18 | Name : The remote database server is affected by several buffer overflow vulnerabili... File : mysql_5_1_43_yaSSL.nasl - Type : ACT_GATHER_INFO |
| 2012-01-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-02.nasl - Type : ACT_GATHER_INFO |
| 2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6899.nasl - Type : ACT_GATHER_INFO |
| 2010-03-19 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_mysql-6897.nasl - Type : ACT_GATHER_INFO |
| 2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1997.nasl - Type : ACT_GATHER_INFO |
| 2010-02-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-897-1.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:09:39 |
|
| 2024-11-28 12:20:27 |
|
| 2023-02-15 05:29:04 |
|
| 2021-05-05 01:06:36 |
|
| 2021-05-04 12:10:53 |
|
| 2021-04-22 01:11:23 |
|
| 2020-11-10 00:22:46 |
|
| 2020-05-23 13:16:54 |
|
| 2020-05-23 00:24:45 |
|
| 2018-01-05 09:23:05 |
|
| 2017-08-17 09:22:49 |
|
| 2016-06-28 17:56:18 |
|
| 2016-04-26 19:21:04 |
|
| 2014-02-17 10:52:47 |
|
| 2014-01-19 21:26:24 |
|
| 2013-05-11 00:03:12 |
|
