Oracle MySQL Client yaSSL Certificate Decode Buffer Overflow Vulnerability
BID:69743
Info
| Bugtraq ID: | 69743 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 01 2014 12:00AM |
| Updated: | Aug 01 2014 12:00AM |
| Credit: | Reported by vendor. |
| Vulnerable: | Oracle Mysql 5.6.17, Oracle Mysql 5.6.12, Oracle Mysql 5.6.11, Oracle Mysql 5.6.10, Oracle Mysql 5.6.9, Oracle Mysql 5.6.6, Oracle Mysql 5.6.5, Oracle Mysql 5.6, Oracle Mysql 5.5.38, Oracle Mysql 5.5.37, Oracle Mysql 5.5.36, Oracle Mysql 5.5.35, Oracle Mysql 5.5.32, Oracle Mysql 5.5.31, Oracle Mysql 5.5.28, Oracle Mysql 5.5.27, Oracle Mysql 5.5.25, Oracle Mysql 5.5.24, Oracle Mysql 5.5.23, Oracle Mysql 5.5.22, Oracle Mysql 5.5.21, Oracle Mysql 5.5.20, Oracle Mysql 5.5.19, Oracle Mysql 5.5.18, Oracle Mysql 5.5.17, Oracle Mysql 5.5.16, Oracle Mysql 5.5.15, Oracle Mysql 5.5.14, Oracle Mysql 5.5.13, Oracle Mysql 5.5.12, Oracle Mysql 5.5.11, Oracle Mysql 5.5.10, Oracle Mysql 5.1.70, Oracle Mysql 5.1.69, Oracle Mysql 5.1.66, Oracle Mysql 5.1.65, Oracle Mysql 5.1.63, Oracle Mysql 5.1.62, Oracle Mysql 5.1.61, Oracle Mysql 5.1.60, Oracle Mysql 5.1.52, Oracle Mysql 5.1.40, Oracle Mysql 5.1.32, Oracle Mysql 5.0.67, Oracle Mysql 5.0.51, Oracle Mysql 5.0.21, Oracle Mysql 5.6.8, Oracle Mysql 5.6.7, Oracle Mysql 5.6.4, Oracle Mysql 5.6.3, Oracle Mysql 5.6.2, Oracle Mysql 5.6.19, Oracle Mysql 5.6.18, Oracle Mysql 5.6.16, Oracle Mysql 5.6.15, Oracle Mysql 5.6.14, Oracle Mysql 5.6.13, Oracle Mysql 5.6.1, Oracle Mysql 5.5.34, Oracle Mysql 5.5.33, Oracle Mysql 5.5.30, Oracle Mysql 5.5.29, Oracle Mysql 5.5.26, Oracle Mysql 5.5.25 A, Oracle Mysql 5.1.73, Oracle Mysql 5.1.72, Oracle Mysql 5.1.71, Oracle Mysql 5.1.68, Oracle Mysql 5.1.67, Oracle Mysql 5.1.64, Oracle Mysql 5.1.59, Oracle Mysql 5.1.58, Oracle Mysql 5.1.57, Oracle Mysql 5.1.56, Oracle Mysql 5.1.55, Oracle Mysql 5.1.54, Oracle Mysql 5.1.53, Oracle Mysql 5.1.52 Sp1, Oracle Mysql 5.1.51, Oracle Mysql 5.1 |
| Not Vulnerable: | Oracle Mysql 5.5.39, Oracle Mysql 5.6.20 |
Discussion
MySQL is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.
Versions prior to MySQL 5.5.39 and 5.6.20 are vulnerable.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
- Bug 518718 - (Gentoo's Bugzilla)
- Changes in MySQL 5.5.39 (2014-07-31) (Oracle)
- Changes in MySQL 5.6.20 (2014-07-31) (Oracle)
- MySQL Homepage (Oracle)