CVE-2008-0226: Buffer Overflow
First published: Thu Jan 10 2008(Updated: )
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yassl Yassl | <=1.7.5 | |
| MySQL MySQL | =5.0.5 | |
| MySQL MySQL | =5.0.10 | |
| MySQL MySQL | =5.0.54 | |
| MySQL MySQL | =5.0.0 | |
| MySQL MySQL | =5.0.15 | |
| MySQL MySQL | =5.0.17 | |
| MySQL MySQL | =5.0.3 | |
| MySQL MySQL | =5.0.44 | |
| MySQL MySQL | =5.0.66 | |
| MySQL MySQL | =5.0.56 | |
| MySQL MySQL | =5.0.60 | |
| MySQL MySQL | =5.0.24 | |
| MySQL MySQL | =5.0.2 | |
| MySQL MySQL | =5.0.30 | |
| MySQL MySQL | =5.0.20 | |
| MySQL MySQL | =5.0.1 | |
| MySQL MySQL | =5.0.4 | |
| MySQL MySQL | =5.0.36 | |
| MySQL MySQL | =5.0.16 | |
| MySQL MySQL | =5.1.5 | |
| Oracle MySQL | =5.0.48 | |
| Oracle MySQL | =5.0.50-sp1 | |
| Oracle MySQL | =5.0.50 | |
| Oracle MySQL | =5.0.51 | |
| Oracle MySQL | =5.0.23 | |
| Oracle MySQL | =5.0.25 | |
| Oracle MySQL | =5.0.26 | |
| Oracle MySQL | =5.0.28 | |
| Oracle MySQL | =5.0.30-sp1 | |
| Oracle MySQL | =5.0.32 | |
| Oracle MySQL | =5.0.34 | |
| Oracle MySQL | =5.0.36-sp1 | |
| Oracle MySQL | =5.0.38 | |
| Oracle MySQL | =5.0.40 | |
| Oracle MySQL | =5.0.41 | |
| Oracle MySQL | =5.0.42 | |
| Oracle MySQL | =5.0.44-sp1 | |
| Oracle MySQL | =5.0.45 | |
| Oracle MySQL | =5.0.46 | |
| Oracle MySQL | =5.0.52 | |
| Oracle MySQL | =5.0.56-sp1 | |
| Oracle MySQL | =5.0.58 | |
| Oracle MySQL | =5.0.62 | |
| Oracle MySQL | =5.0.64 | |
| Oracle MySQL | =5.1 | |
| Oracle MySQL | =5.1.1 | |
| Oracle MySQL | =5.1.2 | |
| Oracle MySQL | =5.1.3 | |
| Oracle MySQL | =5.1.4 | |
| Oracle MySQL | =5.1.6 | |
| Oracle MySQL | =5.1.7 | |
| Oracle MySQL | =5.1.8 | |
| Oracle MySQL | =5.1.9 | |
| Oracle MySQL | =5.1.10 | |
| Oracle MySQL | =5.1.11 | |
| Oracle MySQL | =5.1.12 | |
| Oracle MySQL | =5.1.13 | |
| Oracle MySQL | =5.1.14 | |
| Oracle MySQL | =5.1.15 | |
| Oracle MySQL | =5.1.16 | |
| Oracle MySQL | =5.1.17 | |
| Oracle MySQL | =5.1.18 | |
| Oracle MySQL | =5.1.19 | |
| Oracle MySQL | =5.1.20 | |
| Oracle MySQL | =5.1.21 | |
| Oracle MySQL | =5.1.22 | |
| Oracle MySQL | =5.0.60-sp1 | |
| Oracle MySQL | =5.0.66-sp1 | |
| Apple Mac OS X | =10.5.4 | |
| Debian Debian Linux | =5.0 | |
| Canonical Ubuntu Linux | =6.06 | |
| Canonical Ubuntu Linux | =7.04 | |
| Canonical Ubuntu Linux | =7.10 | |
| Canonical Ubuntu Linux | =6.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/27140
- http://secunia.com/advisories/28324
- http://secunia.com/advisories/28419
- http://www.debian.org/security/2008/dsa-1478
- http://secunia.com/advisories/28597
- http://bugs.mysql.com/33814
- http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
- http://www.ubuntu.com/usn/usn-588-1
- http://secunia.com/advisories/29443
- http://securityreason.com/securityalert/3531
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
- http://www.securityfocus.com/bid/31681
- http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
- http://secunia.com/advisories/32222
- http://support.apple.com/kb/HT3216
- http://www.vupen.com/english/advisories/2008/0560/references
- http://www.vupen.com/english/advisories/2008/2780
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39431
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
- http://www.securityfocus.com/archive/1/485811/100/0/threaded
- http://www.securityfocus.com/archive/1/485810/100/0/threaded
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/yassl
- canonical/yassl yassl
- version/yassl yassl/1.7.5
- vendor/mysql
- canonical/mysql mysql
- version/mysql mysql/5.0.5
- version/mysql mysql/5.0.10
- version/mysql mysql/5.0.54
- version/mysql mysql/5.0.0
- version/mysql mysql/5.0.15
- version/mysql mysql/5.0.17
- version/mysql mysql/5.0.3
- version/mysql mysql/5.0.44
- version/mysql mysql/5.0.66
- version/mysql mysql/5.0.56
- version/mysql mysql/5.0.60
- version/mysql mysql/5.0.24
- version/mysql mysql/5.0.2
- version/mysql mysql/5.0.30
- version/mysql mysql/5.0.20
- version/mysql mysql/5.0.1
- version/mysql mysql/5.0.4
- version/mysql mysql/5.0.36
- version/mysql mysql/5.0.16
- version/mysql mysql/5.1.5
- vendor/oracle
- canonical/oracle mysql
- version/oracle mysql/5.0.48
- version/oracle mysql/5.0.50-sp1
- version/oracle mysql/5.0.50
- version/oracle mysql/5.0.51
- version/oracle mysql/5.0.23
- version/oracle mysql/5.0.25
- version/oracle mysql/5.0.26
- version/oracle mysql/5.0.28
- version/oracle mysql/5.0.30-sp1
- version/oracle mysql/5.0.32
- version/oracle mysql/5.0.34
- version/oracle mysql/5.0.36-sp1
- version/oracle mysql/5.0.38
- version/oracle mysql/5.0.40
- version/oracle mysql/5.0.41
- version/oracle mysql/5.0.42
- version/oracle mysql/5.0.44-sp1
- version/oracle mysql/5.0.45
- version/oracle mysql/5.0.46
- version/oracle mysql/5.0.52
- version/oracle mysql/5.0.56-sp1
- version/oracle mysql/5.0.58
- version/oracle mysql/5.0.62
- version/oracle mysql/5.0.64
- version/oracle mysql/5.1
- version/oracle mysql/5.1.1
- version/oracle mysql/5.1.2
- version/oracle mysql/5.1.3
- version/oracle mysql/5.1.4
- version/oracle mysql/5.1.6
- version/oracle mysql/5.1.7
- version/oracle mysql/5.1.8
- version/oracle mysql/5.1.9
- version/oracle mysql/5.1.10
- version/oracle mysql/5.1.11
- version/oracle mysql/5.1.12
- version/oracle mysql/5.1.13
- version/oracle mysql/5.1.14
- version/oracle mysql/5.1.15
- version/oracle mysql/5.1.16
- version/oracle mysql/5.1.17
- version/oracle mysql/5.1.18
- version/oracle mysql/5.1.19
- version/oracle mysql/5.1.20
- version/oracle mysql/5.1.21
- version/oracle mysql/5.1.22
- version/oracle mysql/5.0.60-sp1
- version/oracle mysql/5.0.66-sp1
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.5.4
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/6.06
- version/canonical ubuntu linux/7.04
- version/canonical ubuntu linux/7.10
- version/canonical ubuntu linux/6.10