Lucene search
Ubuntu.comUB:CVE-2009-4028HistoryNov 30, 2009 - 12:00 a.m.
CVE-2009-4028
2009-11-3000:00:00
ubuntu.com
ubuntu.com
20
0.005 Low
EPSS
Percentile
76.7%
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before
5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of
zero for the depth of X.509 certificates, which allows man-in-the-middle
attackers to spoof arbitrary SSL-based MySQL servers via a crafted
certificate, as demonstrated by a certificate presented by a server linked
against the yaSSL library.
Bugs
Notes
| Author | Note |
|---|---|
| mdeslaur | dapper doesn’t build with ssl hardy+ builds with yaSSL none of our releases are vulnerable, as the yaSSL code ignores the verify callback (see mysql bug) |
Related
veracode
veracode
Spoofing Attack
2020-04-10 00:43:12
seebug
seebug
MySQL OpenSSL客户端绕过yaSSL服务器证书验证漏洞
2009-12-02 00:00:00
prion
prion
Design/Logic Flaw
2009-11-30 17:30:00
cvelist
cvelist
CVE-2009-4028
2009-11-30 17:00:00
cve
cve
CVE-2009-4028
2009-11-30 17:30:00
openvas
openvas
Fedora Core 11 FEDORA-2009-13504 (mysql)
2009-12-30 00:00:00
Fedora Core 11 FEDORA-2009-13504 (mysql)
2009-12-30 00:00:00
Fedora Core 12 FEDORA-2009-13466 (mysql)
2009-12-30 00:00:00
nessus
nessus
Fedora 12 : mysql-5.1.41-2.fc12 (2009-13466)
2009-12-22 00:00:00
Fedora 11 : mysql-5.1.41-2.fc11 (2009-13504)
2009-12-22 00:00:00
SuSE 11 Security Update : MySQL (SAT Patch Number 2317)
2010-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: mysql-5.1.41-2.fc11
2009-12-22 04:54:08
[SECURITY] Fedora 12 Update: mysql-5.1.41-2.fc12
2009-12-22 04:48:21
securityvulns
securityvulns
MySQL multiple security vulnerabilities
2010-01-19 00:00:00
[ MDVSA-2010:012 ] mysql
2010-01-19 00:00:00
oraclelinux
oraclelinux
mysql security update
2010-02-16 00:00:00
redhat
redhat
(RHSA-2010:0109) Moderate: mysql security update
2010-02-16 00:00:00
centos
centos
mysql security update
2010-03-01 18:43:17
gentoo
gentoo
MySQL: Multiple vulnerabilities
2012-01-05 00:00:00