The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Link | Tags |
---|---|
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510 | vdb entry signature |
http://www.redhat.com/support/errata/RHSA-2010-0109.html | vendor advisory |
http://www.vupen.com/english/advisories/2010/1107 | vdb entry vendor advisory |
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html | vendor advisory |
http://www.openwall.com/lists/oss-security/2009/11/19/3 | mailing list |
http://lists.mysql.com/commits/87446 | mailing list exploit |
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html | |
http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html | |
http://marc.info/?l=oss-security&m=125881733826437&w=2 | mailing list |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940 | vdb entry signature |
http://bugs.mysql.com/47320 | |
http://www.openwall.com/lists/oss-security/2009/11/23/16 | mailing list |