Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0226

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0226
Last Modified 07 Mar 2011 10:04:10
Published 10 Jan 2008 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0226

Summary

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Systems

Application

  • Mysql

  • Yassl 1.7.5


References

XF - yassl-inputbufferoperator-bo(39431)

XF - yassl-processoldclienthello-bo(39429)

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-0560

BID - 31681

BID - 27140

BUGTRAQ - 20080104 Pre-auth buffer-overflow in mySQL through yaSSL

BUGTRAQ - 20080104 Multiple vulnerabilities in yaSSL 1.7.5

MANDRIVA - MDVSA-2008:150

CONFIRM - http://support.apple.com/kb/HT3216

SECUNIA - 32222

SECUNIA - 28324

APPLE - APPLE-SA-2008-10-09

UBUNTU - USN-588-1

DEBIAN - DSA-1478

SREASON - 3531

SECUNIA - 29443

SECUNIA - 28597

SECUNIA - 28419

CONFIRM - http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

CONFIRM - http://bugs.mysql.com/33814

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 10:46:43