CVE-2009-4484

yaSSL <1.9.9 - Buffer Overflow

Title source: llm

Description

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/16850

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by jduck · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/mysql/mysql_yassl_getname.rb

View Code ZIP pw:eip

References (36)

[Broken Link] http://intevydis.com/mysql_overflow1.py.txt

[Broken Link] http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html

[Third Party Advisory] http://secunia.com/advisories/38573

[Third Party Advisory] http://www.ubuntu.com/usn/USN-1397-1

[Third Party Advisory] http://secunia.com/advisories/37493

[Broken Link] http://www.yassl.com/release.html

[Broken Link] http://www.yassl.com/news.html#yassl199

[Broken Link] http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1

[Broken Link] http://www.intevydis.com/blog/?p=106

[Broken Link] http://intevydis.com/mysql_demo.html

[Broken Link] http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html

[Third Party Advisory] http://secunia.com/advisories/38364

[Third Party Advisory] http://secunia.com/advisories/38517

[Third Party Advisory] http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/37974

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023513

[Third Party Advisory] http://ubuntu.com/usn/usn-897-1

[Third Party Advisory] http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/0236

[Broken Link] http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html

... and 16 more

Scores

EPSS 0.7582

EPSS Percentile 98.9%

Details

CWE

CWE-787

Status published

Products (16)

canonical/ubuntu_linux 6.06

canonical/ubuntu_linux 8.04

canonical/ubuntu_linux 8.10

canonical/ubuntu_linux 9.04

canonical/ubuntu_linux 9.10

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 10.10

canonical/ubuntu_linux 11.04

canonical/ubuntu_linux 11.10

debian/debian_linux 4.0

... and 6 more

Published Dec 30, 2009

Tracked Since Feb 18, 2026