Vulnerability Name: | CVE-2008-0226 (CCN-39429) |
Assigned: | 2008-01-04 |
Published: | 2008-01-04 |
Updated: | 2019-12-17 |
Summary: | Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
|
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): |
Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
| 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): |
Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: Luigi Auriemma Advisories, 04 Jan 2008 Multiple vulnerabilities in yaSSL 1.7.5
Source: CONFIRM Type: Permissions Required http://bugs.mysql.com/33814
Source: MITRE Type: CNA CVE-2008-0226
Source: CONFIRM Type: Not Applicable http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2008-10-09
Source: CCN Type: SA28324 yaSSL Multiple Vulnerabilities
Source: SECUNIA Type: Not Applicable 28324
Source: CCN Type: SA28419 MySQL yaSSL Multiple Vulnerabilities
Source: SECUNIA Type: Not Applicable 28419
Source: SECUNIA Type: Not Applicable 28597
Source: SECUNIA Type: Not Applicable 29443
Source: CCN Type: SA32222 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: Not Applicable 32222
Source: SREASON Type: Third Party Advisory 3531
Source: CCN Type: Apple Web site About Security Update 2008-007
Source: CONFIRM Type: Third Party Advisory http://support.apple.com/kb/HT3216
Source: DEBIAN Type: Third Party Advisory DSA-1478
Source: DEBIAN Type: DSA-1478 mysql-dfsg-5.0 -- buffer overflows
Source: MANDRIVA Type: Broken Link MDVSA-2008:150
Source: CCN Type: MySQL AB Web site MySQL
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080104 Multiple vulnerabilities in yaSSL 1.7.5
Source: BUGTRAQ Type: Third Party Advisory, VDB Entry 20080104 Pre-auth buffer-overflow in mySQL through yaSSL
Source: BID Type: Third Party Advisory, VDB Entry 27140
Source: CCN Type: BID-27140 yaSSL Multiple Remote Buffer Overflow Vulnerabilities
Source: BID Type: Third Party Advisory, VDB Entry 31681
Source: CCN Type: BID-31681 RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
Source: CCN Type: USN-588-1 MySQL vulnerabilities
Source: UBUNTU Type: Third Party Advisory USN-588-1
Source: CCN Type: USN-588-2 MySQL regression
Source: VUPEN Type: Permissions Required ADV-2008-0560
Source: VUPEN Type: Permissions Required ADV-2008-2780
Source: CCN Type: yaSSL Web site yaSSL Downloads
Source: XF Type: UNKNOWN yassl-processoldclienthello-bo(39429)
Source: XF Type: VDB Entry yassl-processoldclienthello-bo(39429)
Source: XF Type: VDB Entry yassl-inputbufferoperator-bo(39431)
|
Vulnerable Configuration: | Configuration 1: cpe:/a:yassl:yassl:*:*:*:*:*:*:*:* (Version <= 1.7.5)
Configuration 2: cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.30:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.36:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.44:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.54:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.56:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.60:-:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.66:-:*:*:*:*:*:* OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.23:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.25:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.26:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.28:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.32:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.34:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.38:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.40:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.41:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.42:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.45:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.46:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.48:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.50:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.51:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.52:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.58:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.62:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.64:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.18:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.19:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.20:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.21:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
Configuration 3: cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Configuration 4: cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Configuration 5: cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:* OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:* |
Vulnerability Name: | CVE-2008-0226 (CCN-39431) |
Assigned: | 2008-01-04 |
Published: | 2008-01-04 |
Updated: | 2008-01-04 |
Summary: | yaSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the yaSSL input_buffer& operator function. By sending an overly long Hello packet, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. |
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
|
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): |
Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
| 7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P); 5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Access Complexity (AC): Authentication (Au): |
Impact Metrics: | Confidentiality (C): Integrity (I): Availability (A): |
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: Luigi Auriemma Advisories, 04 Jan 2008 Multiple vulnerabilities in yaSSL 1.7.5
Source: MITRE Type: CNA CVE-2008-0226
Source: CCN Type: SA28324 yaSSL Multiple Vulnerabilities
Source: CCN Type: SA28419 MySQL yaSSL Multiple Vulnerabilities
Source: CCN Type: SA32222 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: CCN Type: Apple Web site About Security Update 2008-007
Source: DEBIAN Type: DSA-1478 mysql-dfsg-5.0 -- buffer overflows
Source: CCN Type: MySQL AB Web site MySQL
Source: CCN Type: BID-27140 yaSSL Multiple Remote Buffer Overflow Vulnerabilities
Source: CCN Type: BID-31681 RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
Source: CCN Type: USN-588-1 MySQL vulnerabilities
Source: CCN Type: USN-588-2 MySQL regression
Source: CCN Type: yaSSL Web site yaSSL Downloads
Source: XF Type: UNKNOWN yassl-inputbufferoperator-bo(39431)
|
Vulnerable Configuration: | Configuration CCN 1: cpe:/a:yassl:yassl:1.7.5:*:*:*:*:*:*:* OR cpe:/a:mysql:mysql:5.0.51:*:*:*:*:*:*:*
AND cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:* OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:* OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:* |