製品・ソフトウェアに関する情報

JVN脆弱性詳細

MySQL で使用される yaSSL における複数のスタックベースのバッファオーバーフローの脆弱性

Title	MySQL で使用される yaSSL における複数のスタックベースのバッファオーバーフローの脆弱性
Summary	MySQL で使用される yaSSL には、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される脆弱性が存在します。
Possible impacts	巧妙に細工された name フィールドを含む X.509 クライアント証明書を送信、または SSL 通信の確立により、サービス運用妨害 (DoS) 状態となる、または任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 30, 2009, midnight
Registration Date	Feb. 24, 2010, 12:25 p.m.
Last Update	Aug. 3, 2010, 6:59 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

ターボリナックス

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux Server 11

Turbolinux Server 11 (x64)

MySQL AB

MySQL 5.0.90 未満

MySQL 5.1.43 未満

MySQL 5.5.x から 5.5.0-m2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-4484	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4484
National Vulnerability Database (NVD)
2	CVE-2009-4484	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4484

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
MySQL Documentation
1	Changes in MySQL 5.0.90	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html
2	Changes in MySQL 5.1.43	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html
3	Changes in MySQL 5.5.2	http://dev.mysql.com/doc/refman/5.5/en/news-5-5-2.html
製品セキュリティ情報
4	TLSA-2010-24	http://www.turbolinux.co.jp/security/2010/TLSA-2010-24j.txt

その他

No	Name	URL
Secunia Advisory
1	38364	http://secunia.com/advisories/38364
2	SA36575	http://secunia.com/advisories/36575/
SecurityFocus
3	36242	http://www.securityfocus.com/bid/36242
4	37640	http://www.securityfocus.com/bid/37640
SecurityTracker
5	1023402	http://securitytracker.com/alerts/2010/Jan/1023402.html
VUPEN Security
6	VUPEN/ADV-2010-0236	http://www.vupen.com/english/advisories/2010/0236

Change Log

No	Changed Details	Date of change
0	[2010年02月24日] 掲載 [2010年03月15日] ベンダ情報：MySQL AB (Changes in MySQL 5.5.2) を追加 [2010年08月03日] 影響を受けるシステム：ターボリナックス (TLSA-2010-24) の情報を追加ベンダ情報：ターボリナックス (TLSA-2010-24) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-4484

Summary	Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
Publication Date	Dec. 31, 2009, 6:30 a.m.
Registration Date	Jan. 29, 2021, 1:27 p.m.
Last Update	Feb. 15, 2023, 6:13 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:oracle:mysql:5.0.0:milestone2::::::
cpe:2.3:a:oracle:mysql:5.0.0:milestone1::::::
cpe:2.3:a:oracle:mysql::::::::	5.1.0			5.1.43
cpe:2.3:a:oracle:mysql::::::::	5.0.0			5.0.90

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:wolfssl:yassl::::::::					1.9.9

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:6.0:::::::*

Configuration5		or higher	or less	more than	less than
cpe:2.3:a:mariadb:mariadb::::::::		5.1			5.1.42

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.intevydis.com/blog/?p=57	MISC	Broken Link
2	http://intevydis.com/vd-list.shtml	MISC	Broken Link
3	http://www.securityfocus.com/bid/37640	BID	Third Party Advisory VDB Entry
4	http://archives.neohapsis.com/archives/dailydave/2010-q1/0002.html	MLIST	Broken Link
5	http://isc.sans.org/diary.html?storyid=7900	MISC	Third Party Advisory
6	http://intevydis.com/mysql_demo.html	MISC	Broken Link
7	http://www.intevydis.com/blog/?p=106	MISC	Broken Link
8	http://securitytracker.com/id?1023402	SECTRACK	Third Party Advisory VDB Entry
9	http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1	CONFIRM	Broken Link
10	http://www.vupen.com/english/advisories/2010/0233	VUPEN	Third Party Advisory
11	http://www.metasploit.com/modules/exploit/linux/mysql/mysql_yassl_getname	MISC	Third Party Advisory
12	http://securitytracker.com/id?1023513	SECTRACK	Third Party Advisory VDB Entry
13	http://www.yassl.com/news.html#yassl199	CONFIRM	Broken Link
14	http://yassl.cvs.sourceforge.net/viewvc/yassl/yassl/taocrypt/src/asn.cpp?r1=1.13&r2=1.14	CONFIRM	Third Party Advisory
15	http://secunia.com/advisories/38364	SECUNIA	Third Party Advisory
16	http://lists.immunitysec.com/pipermail/dailydave/2010-January/006020.html	MLIST	Broken Link
17	http://intevydis.com/mysql_overflow1.py.txt	MISC	Broken Link
18	http://dev.mysql.com/doc/refman/5.1/en/news-5-1-43.html	CONFIRM	Broken Link
19	http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html	MISC	Broken Link
20	http://secunia.com/advisories/37493	SECUNIA	Third Party Advisory
21	http://dev.mysql.com/doc/refman/5.0/en/news-5-0-90.html	CONFIRM	Broken Link
22	http://secunia.com/advisories/38344	SECUNIA	Third Party Advisory
23	http://bugs.mysql.com/bug.php?id=50227	CONFIRM	Exploit Issue Tracking Vendor Advisory
24	http://lists.mysql.com/commits/96697	MLIST	Patch Vendor Advisory
25	http://www.vupen.com/english/advisories/2010/0236	VUPEN	Third Party Advisory
26	http://www.securityfocus.com/bid/37974	BID	Third Party Advisory VDB Entry
27	http://www.yassl.com/release.html	CONFIRM	Broken Link
28	http://www.securityfocus.com/bid/37943	BID	Third Party Advisory VDB Entry
29	http://www.osvdb.org/61956	OSVDB	Broken Link
30	https://bugzilla.redhat.com/show_bug.cgi?id=555313	CONFIRM	Issue Tracking Third Party Advisory
31	http://www.debian.org/security/2010/dsa-1997	DEBIAN	Third Party Advisory
32	http://secunia.com/advisories/38573	SECUNIA	Third Party Advisory
33	http://secunia.com/advisories/38517	SECUNIA	Third Party Advisory
34	http://ubuntu.com/usn/usn-897-1	UBUNTU	Third Party Advisory
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/55416	XF	Third Party Advisory VDB Entry
36	http://www.ubuntu.com/usn/USN-1397-1	UBUNTU	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-787	境界外書き込み	https://cwe.mitre.org/data/definitions/787.html

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*