MySQL yaSSL Vulnerability

  Severity: HIGH
  CVE Identifier: CVE-2008-0226
  Advisory Date: AUG 27, 2015

  DESCRIPTION

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

  TREND MICRO PROTECTION INFORMATION

  • 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability
  • 1006262 - MySQL yaSSL Pre-authentication Code Execution Vulnerability

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1001312
  Trend Micro Deep Security DPI Rule Name: 1001312 - MySQL yaSSL Pre-authentication Code Execution

  AFFECTED SOFTWARE AND VERSION

  • MySQL MySQL
  • yaSSL yaSSL 1.7.5

Featured Stories