危険度:
  CVE識別番号: CVE-2008-0226
  情報公開日: 8 27, 2015

  概要

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

  トレンドマイクロの対策

  • 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability
  • 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability

  対応方法

  Trend Micro Deep Security DPI Rule Number: 1001312
  Trend Micro Deep Security DPI Rule Name: 1001312 - MySQL yaSSL Pre-authentication Code Execution

  影響を受けるソフトウェア

  • MySQL MySQL
  • yaSSL yaSSL 1.7.5