| Revision Date: | 2013-09-23 | Version: | 14 |
| Title: | MySQL 5.0 and 5.1 Clients with OpenSSL Vulnerability Allows Bypassing Server Certificate Checking |
| Description: | The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2009-4028
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | MySQL Server 5.0
MySQL Server 5.1
|
| Definition Synopsis |
| AND MySQL 5.0 is installed
AND MySQL Server 5.0 version is less than 5.0.88
OR
MySQL 5.1 is installed
AND MySQL Server 5.1 version is less than 5.1.41
|