CVE-2009-4028

Description

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 1.58%• Percentile: 82%

Techniques & Countermeasures

• CWE-20•Improper Input Validation

  The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Affected Systems

• mysql•mysql

  ≤ 5.0.87 | 5.0.0 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.5.0.21 | 5.0.10 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.20 | 5.0.22.1.0.1 | 5.0.24 | 5.0.30 | 5.0.36 | 5.0.44 | 5.0.54 | 5.0.56 | 5.0.60 | 5.0.66 | 5.0.82 | 5.0.84 | 5.1.5 | 5.1.23 | 5.1.31 | 5.1.32 | 5.1.34 | 5.1.37

• oracle•mysql

  5.0.0:alpha | 5.0.3:beta | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.18 | 5.0.19 | 5.0.21 | 5.0.22 | 5.0.23 | 5.0.25 | 5.0.26 | 5.0.27 | 5.0.30:sp1 | 5.0.32 | 5.0.33 | 5.0.37 | 5.0.38 | 5.0.41 | 5.0.42 | 5.0.45 | 5.0.50 | 5.0.51 | 5.0.52 | 5.0.75 | 5.0.77 | 5.0.81 | 5.0.83 | 5.0.85 | 5.0.86 | 5.1 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.6 | 5.1.7 | 5.1.8 | 5.1.9 | 5.1.10 | 5.1.11 | 5.1.12 | 5.1.13 | 5.1.14 | 5.1.15 | 5.1.16 | 5.1.17 | 5.1.18 | 5.1.19 | 5.1.20 | 5.1.21 | 5.1.22 | 5.1.23:a | 5.1.24 | 5.1.25 | 5.1.26 | 5.1.27 | 5.1.28 | 5.1.29 | 5.1.30 | 5.1.31:sp1 | 5.1.33 | 5.1.34:sp1 | 5.1.35 | 5.1.36 | 5.1.37:sp1 | 5.1.38 | 5.1.39 | 5.1.40 | 5.1.40:sp1

References (12)

• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510
• http://www.redhat.com/support/errata/RHSA-2010-0109.html
• http://www.vupen.com/english/advisories/2010/1107
• http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
• http://www.openwall.com/lists/oss-security/2009/11/19/3
• http://lists.mysql.com/commits/87446
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
• http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
• http://marc.info/?l=oss-security&m=125881733826437&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940
• http://bugs.mysql.com/47320
• http://www.openwall.com/lists/oss-security/2009/11/23/16