csaf_microsoft - msrc

msrc_cve-2009-4484

Vulnerability from csaf_microsoft

Published

2009-12-02 00:00

Modified

2020-09-25 00:00

Summary

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2009-4484 Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2009/msrc_cve-2009-4484.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.",
    "tracking": {
      "current_release_date": "2020-09-25T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T16:39:17.296Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2009-4484",
      "initial_release_date": "2009-12-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2020-09-25T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 kernel 5.10.57.1-1",
                "product": {
                  "name": "\u003ccm1 kernel 5.10.57.1-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 kernel 5.10.57.1-1",
                "product": {
                  "name": "cm1 kernel 5.10.57.1-1",
                  "product_id": "16840"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 kernel 5.10.57.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16820-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 kernel 5.10.57.1-1 as a component of CBL Mariner 1.0",
          "product_id": "16840-16820"
        },
        "product_reference": "16840",
        "relates_to_product_reference": "16820"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-4484",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "16840-16820"
        ],
        "known_affected": [
          "16820-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2009-4484 Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2009/msrc_cve-2009-4484.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-09-25T00:00:00.000Z",
          "details": "-:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9 as used in mysqld in MySQL 5.0.x before 5.0.90 MySQL 5.1.x before 5.1.43 MySQL 5.5.x through 5.5.0-m2 and other products allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a."
    }
  ]
}

CVE-2009-4484 (GCVE-0-2009-4484)

Vulnerability from cvelistv5

Published

2009-12-30 21:00

Modified

2024-08-07 07:01

Severity ?

CWE

Summary

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

References

URL

Tags

	http://intevydis.com/mysql_overflow1.py.txt	x_refsource_MISC
	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html	x_refsource_CONFIRM
	http://secunia.com/advisories/38573	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1397-1	vendor-advisory, x_refsource_UBUNTU
	http://secunia.com/advisories/37493	third-party-advisory, x_refsource_SECUNIA
	http://www.yassl.com/release.html	x_refsource_CONFIRM
	http://www.yassl.com/news.html#yassl199	x_refsource_CONFIRM
	http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1	x_refsource_CONFIRM
	http://www.intevydis.com/blog/?p=106	x_refsource_MISC
	http://intevydis.com/mysql_demo.html	x_refsource_MISC
	http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html	x_refsource_MISC
	http://secunia.com/advisories/38364	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/38517	third-party-advisory, x_refsource_SECUNIA
	http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/37974	vdb-entry, x_refsource_BID
	http://securitytracker.com/id?1023513	vdb-entry, x_refsource_SECTRACK
	http://ubuntu.com/usn/usn-897-1	vendor-advisory, x_refsource_UBUNTU
	http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname	x_refsource_MISC
	http://www.vupen.com/english/advisories/2010/0236	vdb-entry, x_refsource_VUPEN
	http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=555313	x_refsource_CONFIRM
	http://bugs.mysql.com/bug.php?id=50227	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/37640	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/55416	vdb-entry, x_refsource_XF
	http://www.intevydis.com/blog/?p=57	x_refsource_MISC
	http://isc.sans.org/diary.html?storyid=7900	x_refsource_MISC
	http://lists.mysql.com/commits/96697	mailing-list, x_refsource_MLIST
	http://securitytracker.com/id?1023402	vdb-entry, x_refsource_SECTRACK
	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html	x_refsource_CONFIRM
	http://www.osvdb.org/61956	vdb-entry, x_refsource_OSVDB
	http://intevydis.com/vd-list.shtml	x_refsource_MISC
	http://secunia.com/advisories/38344	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/37943	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2010/0233	vdb-entry, x_refsource_VUPEN
	http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html	mailing-list, x_refsource_MLIST
	http://www.debian.org/security/2010/dsa-1997	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website