{"id":1650,"date":"2010-01-19T09:00:46","date_gmt":"2010-01-19T14:00:46","guid":{"rendered":"http:\/\/www.bytebot.net\/blog\/?p=1650"},"modified":"2010-01-19T09:00:46","modified_gmt":"2010-01-19T14:00:46","slug":"mysql-with-yassl-vulnerability","status":"publish","type":"post","link":"http:\/\/www.bytebot.net\/blog\/archives\/2010\/01\/19\/mysql-with-yassl-vulnerability","title":{"rendered":"MySQL with yaSSL vulnerability"},"content":{"rendered":"<p>It&#8217;s worth noting that if you&#8217;re using MySQL 5.0\/5.1, with SSL enabled, and you&#8217;re using <a href=\"http:\/\/www.yassl.com\/\">yaSSL<\/a> as opposed to OpenSSL, you&#8217;re vulnerable to <a href=\"http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2009-4484\">CVE-2009-4484<\/a>. It&#8217;s a buffer overflow that works over TCP, via the MySQL port, 3306. <a href=\"http:\/\/www.lenzg.net\/\">Lenz<\/a> furnished us with some <a href=\"http:\/\/lists.mysql.com\/packagers\/444\">information<\/a>, and the <a href=\"http:\/\/lists.mysql.com\/commits\/96697\">patch<\/a> is available. You&#8217;ll see this rocking when MySQL 5.1.43 gets released. <\/p>\n<p>It affects Debian (presumably, it will also affect Ubuntu). Red Hat\/CentOS is <a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=555313\">spared<\/a>, because it uses OpenSSL instead of yaSSL. <\/p>\n<p>MariaDB <a href=\"http:\/\/askmonty.org\/wiki\/index.php\/MariaDB:Download\">5.1.41-rc<\/a> (based on MySQL 5.1.41), which was just released a few days ago, is naturally also affected. The next release candidate might potentially be rebased against 5.1.42 (the builds are already ready, from what I understand), and will include this patch.<\/p>\n<p><b>Some yaSSL trivia:<\/b> did you know that one of the two co-founders of the project is actually Larry Stefonic? 
Larry was an early MySQL Ab employee, holding quite a few positions at MySQL Ab; he was the President of MySQL KK (the Japanese branch), and was also SVP for worldwide OEM sales!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s worth noting that if you&#8217;re using MySQL 5.0\/5.1, with SSL enabled, and you&#8217;re using yaSSL as opposed to OpenSSL, you&#8217;re vulnerable to CVE-2009-4484. Its a buffer overflow, that works over TCP, via the MySQL port, 3306. Lenz furnished us with some information, and the patch is available. You&#8217;ll see this rocking when MySQL 5.1.43 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_options":[]},"categories":[23],"tags":[1052,1775,68,1053],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p4vJD-qC","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":1689,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2010\/02\/23\/recently-in-mariadb-1","url_meta":{"origin":1650,"position":0},"title":"Recently in MariaDB #1","date":"23\/2\/2010","format":false,"excerpt":"The aims of this kind of blog post is simple - I want to help keep the masses informed as to what's happening with MariaDB, as a whole. There is a community growing, and MariaDB is a community project, not necessarily a Monty Program Ab baby (and we're clear on\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2904,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2014\/04\/17\/ssl-and-mariadbmysql","url_meta":{"origin":1650,"position":1},"title":"SSL and MariaDB\/MySQL","date":"17\/4\/2014","format":false,"excerpt":"With the recent Heartbleed bug, people are clearly more interested in their MariaDB\/MySQL running with SSL and if they have problems. First up, you should read the advisory notes: MariaDB, Percona Server (blog), and MySQL\u00a0(blog). 
Next, when you install MariaDB (or a variant) you are usually dynamically linked to the\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3296,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2016\/12\/01\/debian-and-mariadb-server","url_meta":{"origin":1650,"position":2},"title":"Debian and MariaDB Server","date":"1\/12\/2016","format":false,"excerpt":"GNU\/Linux distributions matter, and Debian is one of the most popular ones out there in terms of user base. Its an interesting time as MariaDB Server becomes more divergent compared to upstream MySQL, and people go about choosing default providers of the database. The MariaDB Server original goals were to\u2026","rel":"","context":"In &quot;Distributions&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1665,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2010\/02\/05\/mariadb-5-1-42-released","url_meta":{"origin":1650,"position":3},"title":"MariaDB 5.1.42 released!","date":"5\/2\/2010","format":false,"excerpt":"Dear MariaDB users, MariaDB 5.1.42, a new branch of the MySQL database which includes all major open source storage engines, myriad bug fixes, and many community patches, has been released. We are very proud to have made our first final release, and we encourage you to test it out and\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1728,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2010\/04\/02\/mariadb-5-1-44-released","url_meta":{"origin":1650,"position":4},"title":"MariaDB 5.1.44 released","date":"2\/4\/2010","format":false,"excerpt":"Dear MariaDB users, MariaDB 5.1.44, a new branch of the MySQL database which includes all major open source storage engines, myriad bug fixes, and many community patches, has been released. This release is based on MySQL 5.1.44. 
In includes performance improvements with Maria temporary tables, removal of mutexes and the\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2335,"url":"http:\/\/www.bytebot.net\/blog\/archives\/2012\/03\/22\/mariadb-at-percona-live-santa-clara","url_meta":{"origin":1650,"position":5},"title":"MariaDB at Percona Live Santa Clara","date":"22\/3\/2012","format":false,"excerpt":"I for one can say that I'm truly excited that MariaDB will be part of Percona Live Santa Clara. The MariaDB session list includes: A tutorial: Improving MySQL\/MariaDB query performance through optimizer tuning by\u00a0Timour Katchaounov and\u00a0Sergey Petrunia. You can benefit from this even as a stock MySQL user naturally. MySQL\u2026","rel":"","context":"In &quot;MariaDB&quot;","img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"amp_enabled":true,"_links":{"self":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1650"}],"collection":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/comments?post=1650"}],"version-history":[{"count":1,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1650\/revisions"}],"predecessor-version":[{"id":1651,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/posts\/1650\/revisions\/1651"}],"wp:attachment":[{"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/media?parent=1650"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/categories?post=1650"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.bytebot.net\/blog\/wp-json\/wp\/v2\/tags?post=1650"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}