CVE-2008-0226 Information

Description

Multiple buffer overflows in yaSSL 1.7.5 and earlier as used in MySQL and possibly other products allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) \input_buffer& operator\ in yassl_imp.cpp.

Reference

http://bugs.mysql.com/33814 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/28324 http://secunia.com/advisories/28419 http://secunia.com/advisories/28597 http://secunia.com/advisories/29443 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3531 http://support.apple.com/kb/HT3216 http://www.debian.org/security/2008/dsa-1478 http://www.mandriva.com/security/advisories?name=MDVSA-2008:150 http://www.securityfocus.com/archive/1/485810/100/0/threaded http://www.securityfocus.com/archive/1/485811/100/0/threaded http://www.securityfocus.com/bid/27140 http://www.securityfocus.com/bid/31681 http://www.ubuntu.com/usn/usn-588-1 http://www.vupen.com/english/advisories/2008/0560/references http://www.vupen.com/english/advisories/2008/2780 https://exchange.xforce.ibmcloud.com/vulnerabilities/39429 https://exchange.xforce.ibmcloud.com/vulnerabilities/39431