Launchpad.net

CVE 2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Related bugs and status

CVE-2008-0226 (Candidate) is related to these bugs:

Bug #172260: [mysql] multiple vulnerabilities

		In	Importance	Status
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (tuXlab)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Dapper)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Dapper)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Edgy)	Undecided	Won't Fix
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Edgy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Edgy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Feisty)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Feisty)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Gutsy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Gutsy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg (Ubuntu Hardy)	Unknown	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-4.1 (Ubuntu Hardy)	Undecided	Invalid
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.0 (Ubuntu Hardy)	Medium	Fix Released
172260	[mysql] multiple vulnerabilities	mysql-dfsg-5.1 (Ubuntu Hardy)	Undecided	Invalid

Bug #185039: [mysql] [CVE-2007-6303] remote privilege escalation

Summary				In	Importance	Status
	185039	[mysql] [CVE-2007-6303] remote privilege escalation		mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released

Bug #186978: [mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL

		In	Importance	Status
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Edgy)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Feisty)	Undecided	Fix Released
186978	[mysql] [CVE-2008-0226] [CVE-2008-0227] buffer overflows in YaSSL	mysql-dfsg-5.0 (Ubuntu Gutsy)	Undecided	Fix Released

Bug #201009: [mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed

		In	Importance	Status
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu)	Undecided	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Dapper)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Edgy)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Feisty)	High	Fix Released
201009	[mysql-dfsg-5.0] fix for several open vulnerabilities in -proposed	mysql-dfsg-5.0 (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

BID: 27140
SECUNIA: 28324
SECUNIA: 28419
DEBIAN: DSA-1478
SECUNIA: 28597
CONFIRM: http://bugs.mysql.com/...
CONFIRM: http://dev.mysql.com/d...
UBUNTU: USN-588-1
SECUNIA: 29443
SREASON: 3531
MANDRIVA: MDVSA-2008:150
APPLE: APPLE-SA-2008-10-09
BID: 31681
CONFIRM: http://support.apple.c...
SECUNIA: 32222
VUPEN: ADV-2008-0560
VUPEN: ADV-2008-2780
XF: yassl-inputbufferopera...
XF: yassl-processoldclient...
BUGTRAQ: 20080104 Multiple vuln...
BUGTRAQ: 20080104 Pre-auth buff...