ByteOS Network

CVE Vulnerability Details :

CVE-2009-4028

PUBLISHED

More Info Official Page

Assigner-redhat

Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749

Published At-30 Nov, 2009 | 17:00

Updated At-07 Aug, 2024 | 06:45

▼CVE Numbering Authority (CNA)

The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510	vdb-entry signature x_refsource_OVAL
http://www.redhat.com/support/errata/RHSA-2010-0109.html	vendor-advisory x_refsource_REDHAT
http://www.vupen.com/english/advisories/2010/1107	vdb-entry x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	vendor-advisory x_refsource_SUSE
http://www.openwall.com/lists/oss-security/2009/11/19/3	mailing-list x_refsource_MLIST
http://lists.mysql.com/commits/87446	mailing-list x_refsource_MLIST
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html	x_refsource_CONFIRM
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html	x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=125881733826437&w=2	mailing-list x_refsource_MLIST
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940	vdb-entry signature x_refsource_OVAL
http://bugs.mysql.com/47320	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2009/11/23/16	mailing-list x_refsource_MLIST

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0109.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.vupen.com/english/advisories/2010/1107

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/19/3

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://lists.mysql.com/commits/87446

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

Resource:

x_refsource_CONFIRM

Hyperlink: http://marc.info/?l=oss-security&m=125881733826437&w=2

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://bugs.mysql.com/47320

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/23/16

Resource:

mailing-list

x_refsource_MLIST

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510	vdb-entry signature x_refsource_OVAL x_transferred
http://www.redhat.com/support/errata/RHSA-2010-0109.html	vendor-advisory x_refsource_REDHAT x_transferred
http://www.vupen.com/english/advisories/2010/1107	vdb-entry x_refsource_VUPEN x_transferred
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	vendor-advisory x_refsource_SUSE x_transferred
http://www.openwall.com/lists/oss-security/2009/11/19/3	mailing-list x_refsource_MLIST x_transferred
http://lists.mysql.com/commits/87446	mailing-list x_refsource_MLIST x_transferred
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html	x_refsource_CONFIRM x_transferred
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html	x_refsource_CONFIRM x_transferred
http://marc.info/?l=oss-security&m=125881733826437&w=2	mailing-list x_refsource_MLIST x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940	vdb-entry signature x_refsource_OVAL x_transferred
http://bugs.mysql.com/47320	x_refsource_CONFIRM x_transferred
http://www.openwall.com/lists/oss-security/2009/11/23/16	mailing-list x_refsource_MLIST x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2010-0109.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2010/1107

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/19/3

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://lists.mysql.com/commits/87446

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://marc.info/?l=oss-security&m=125881733826437&w=2

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://bugs.mysql.com/47320

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2009/11/23/16

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References