CVE-2008-0226 - CVE Reference - Advisories

CVE Reference: CVE-2008-0226

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0226

Description: Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-588-1 SREASON http://securityreason.com/securityalert/3531 SAID Secunia Advisory: SA28324 Secunia Advisory: SA28419 Secunia Advisory: SA28597 Secunia Advisory: SA29443 DEBIAN http://www.debian.org/security/2008/dsa-1478 CONFIRM http://bugs.mysql.com/33814 http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/485811/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded BID 27140

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	Drupal Session Fixation Vulnerability

3.	OpenBSD BIND Query Port DNS Cache Poisoning

4.	Red Hat update for kernel

5.	Ubuntu update for php

6.	Debian update for xulrunner

7.	IPCop update for perl

8.	Debian update for cupsys

9.	Red Hat update for thunderbird

10.	Apple Safari Cross-Domain Cookie Injection Vulnerability