CVE-2009-4028

Published: 30/11/2009 Updated: 17/12/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 608
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x prior to 5.0.88 and 5.1.x prior to 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Vulnerable Product

oracle mysql 5.0.23

oracle mysql 5.0.25

mysql mysql 5.0.24

oracle mysql 5.0.0

oracle mysql 5.0.13

mysql mysql 5.0.30

oracle mysql 5.0.42

oracle mysql 5.0.32

oracle mysql 5.0.51

oracle mysql 5.0.37

oracle mysql 5.0.26

oracle mysql 5.0.33

mysql mysql 5.0.66

oracle mysql 5.0.7

mysql mysql 5.1.23

oracle mysql 5.1.13

oracle mysql 5.1.14

oracle mysql 5.1.30

oracle mysql 5.1

mysql mysql 5.1.5

oracle mysql 5.1.18

oracle mysql 5.1.24

oracle mysql 5.1.25

mysql mysql 5.1.32

oracle mysql 5.1.33

oracle mysql 5.1.38

oracle mysql 5.1.39

mysql mysql 5.0.2

mysql mysql 5.0.16

oracle mysql 5.0.11

mysql mysql 5.0.1

mysql mysql 5.0.10

mysql mysql 5.0.56

mysql mysql 5.0.54

mysql mysql 5.0.5.0.21

mysql mysql 5.0.4

oracle mysql 5.0.75

oracle mysql 5.0.77

oracle mysql 5.1.6

oracle mysql 5.1.11

oracle mysql 5.1.12

oracle mysql 5.1.10

oracle mysql 5.1.1

oracle mysql 5.1.19

oracle mysql 5.1.20

oracle mysql 5.1.26

oracle mysql 5.1.27

mysql mysql 5.1.34

oracle mysql 5.1.34

oracle mysql 5.1.40

oracle mysql 5.0.22

mysql mysql 5.0.22.1.0.1

oracle mysql 5.0.18

oracle mysql 5.0.19

mysql mysql 5.0.15

oracle mysql 5.0.12

oracle mysql 5.0.45

mysql mysql 5.0.44

oracle mysql 5.0.38

mysql mysql 5.0.36

oracle mysql 5.0.3

mysql mysql 5.0.3

oracle mysql 5.0.27

mysql mysql 5.0.60

mysql mysql 5.0.82

oracle mysql 5.0.83

oracle mysql 5.1.9

oracle mysql 5.1.7

oracle mysql 5.1.8

oracle mysql 5.1.15

oracle mysql 5.1.16

oracle mysql 5.1.22

oracle mysql 5.0.85

mysql mysql 5.0.84

oracle mysql 5.1.23

mysql mysql 5.1.31

oracle mysql 5.1.31

mysql mysql 5.1.37

oracle mysql 5.1.37

mysql mysql 5.0.20

oracle mysql 5.0.21

mysql mysql 5.0.17

mysql mysql 5.0.0

oracle mysql 5.0.14

oracle mysql 5.0.30

oracle mysql 5.0.50

oracle mysql 5.0.52

mysql mysql 5.0.5

oracle mysql 5.0.6

oracle mysql 5.0.41

oracle mysql 5.0.8

oracle mysql 5.0.81

oracle mysql 5.1.3

oracle mysql 5.1.4

oracle mysql 5.1.17

oracle mysql 5.1.2

oracle mysql 5.1.21

mysql mysql

oracle mysql 5.0.86

oracle mysql 5.1.28

oracle mysql 5.1.29

oracle mysql 5.1.35

oracle mysql 5.1.36

Vendor Advisories

Synopsis: Moderate: mysql security update
Type/Severity: Security Advisory: Moderate
Topic: Updated mysql packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descr ...