CVE-2009-4484

Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
mysql-5.1	11.04 natty	Fixed 5.1.41-3ubuntu7
	10.10 maverick	Fixed 5.1.41-3ubuntu7
	10.04 LTS lucid	Not in release
	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release
mysql-dfsg-5.0	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Not in release
	9.10 karmic	Ignored
	9.04 jaunty	Fixed 5.1.30really5.0.75-0ubuntu10.3
	8.10 intrepid	Fixed 5.0.67-0ubuntu6.1
	8.04 LTS hardy	Fixed 5.0.51a-3ubuntu5.5
	6.06 LTS dapper	Fixed 5.0.22-0ubuntu6.06.12
mysql-dfsg-5.1	11.04 natty	Not in release
	10.10 maverick	Not in release
	10.04 LTS lucid	Fixed 5.1.41-3ubuntu7
	9.10 karmic	Fixed 5.1.37-1ubuntu5.1
	9.04 jaunty	Ignored
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

Notes

mdeslaur

PoC: http://intevydis.com/mysql_overflow1.py.txt

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
mysql-dfsg-5.0	Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
mysql-dfsg-5.1	Upstream: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/revision/3311.1.3

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references