Vulnerability Name:

CVE-2008-0226 (CCN-39429)

Assigned:2008-01-04
Published:2008-01-04
Updated:2019-12-17
Summary:Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Luigi Auriemma Advisories, 04 Jan 2008
Multiple vulnerabilities in yaSSL 1.7.5

Source: CONFIRM
Type: Permissions Required
http://bugs.mysql.com/33814

Source: MITRE
Type: CNA
CVE-2008-0226

Source: CONFIRM
Type: Not Applicable
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

Source: APPLE
Type: Mailing List, Third Party Advisory
APPLE-SA-2008-10-09

Source: CCN
Type: SA28324
yaSSL Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
28324

Source: CCN
Type: SA28419
MySQL yaSSL Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
28419

Source: SECUNIA
Type: Not Applicable
28597

Source: SECUNIA
Type: Not Applicable
29443

Source: CCN
Type: SA32222
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Not Applicable
32222

Source: SREASON
Type: Third Party Advisory
3531

Source: CCN
Type: Apple Web site
About Security Update 2008-007

Source: CONFIRM
Type: Third Party Advisory
http://support.apple.com/kb/HT3216

Source: DEBIAN
Type: Third Party Advisory
DSA-1478

Source: DEBIAN
Type: DSA-1478
mysql-dfsg-5.0 -- buffer overflows

Source: MANDRIVA
Type: Broken Link
MDVSA-2008:150

Source: CCN
Type: MySQL AB Web site
MySQL

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080104 Multiple vulnerabilities in yaSSL 1.7.5

Source: BUGTRAQ
Type: Third Party Advisory, VDB Entry
20080104 Pre-auth buffer-overflow in mySQL through yaSSL

Source: BID
Type: Third Party Advisory, VDB Entry
27140

Source: CCN
Type: BID-27140
yaSSL Multiple Remote Buffer Overflow Vulnerabilities

Source: BID
Type: Third Party Advisory, VDB Entry
31681

Source: CCN
Type: BID-31681
RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

Source: CCN
Type: USN-588-1
MySQL vulnerabilities

Source: UBUNTU
Type: Third Party Advisory
USN-588-1

Source: CCN
Type: USN-588-2
MySQL regression

Source: VUPEN
Type: Permissions Required
ADV-2008-0560

Source: VUPEN
Type: Permissions Required
ADV-2008-2780

Source: CCN
Type: yaSSL Web site
yaSSL Downloads

Source: XF
Type: UNKNOWN
yassl-processoldclienthello-bo(39429)

Source: XF
Type: VDB Entry
yassl-processoldclienthello-bo(39429)

Source: XF
Type: VDB Entry
yassl-inputbufferoperator-bo(39431)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:yassl:yassl:*:*:*:*:*:*:*:* (Version <= 1.7.5)

  • Configuration 2:
  • cpe:/a:oracle:mysql:5.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.1:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.3:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.4:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.5:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.10:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.15:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.16:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.17:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.20:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.24:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.36:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.44:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.54:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.56:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.60:-:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.66:-:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:5.1.22:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2008-0226 (CCN-39431)

    Assigned:2008-01-04
    Published:2008-01-04
    Updated:2008-01-04
    Summary:yaSSL is vulnerable to a buffer overflow, caused by improper bounds checking by the yaSSL input_buffer& operator function. By sending an overly long Hello packet, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Luigi Auriemma Advisories, 04 Jan 2008
    Multiple vulnerabilities in yaSSL 1.7.5

    Source: MITRE
    Type: CNA
    CVE-2008-0226

    Source: CCN
    Type: SA28324
    yaSSL Multiple Vulnerabilities

    Source: CCN
    Type: SA28419
    MySQL yaSSL Multiple Vulnerabilities

    Source: CCN
    Type: SA32222
    Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: Apple Web site
    About Security Update 2008-007

    Source: DEBIAN
    Type: DSA-1478
    mysql-dfsg-5.0 -- buffer overflows

    Source: CCN
    Type: MySQL AB Web site
    MySQL

    Source: CCN
    Type: BID-27140
    yaSSL Multiple Remote Buffer Overflow Vulnerabilities

    Source: CCN
    Type: BID-31681
    RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities

    Source: CCN
    Type: USN-588-1
    MySQL vulnerabilities

    Source: CCN
    Type: USN-588-2
    MySQL regression

    Source: CCN
    Type: yaSSL Web site
    yaSSL Downloads

    Source: XF
    Type: UNKNOWN
    yassl-inputbufferoperator-bo(39431)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:yassl:yassl:1.7.5:*:*:*:*:*:*:*
  • OR cpe:/a:mysql:mysql:5.0.51:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06:*:lts:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:17775 | P | USN-588-1 -- mysql-dfsg-5.0 vulnerabilities | 2014-06-30
    oval:org.mitre.oval:def:17802 | P | USN-588-2 -- mysql-dfsg-5.0 regression | 2014-06-30
    oval:org.mitre.oval:def:19935 | P | DSA-1478-1 mysql-dfsg-5.0 - buffer overflows | 2014-06-23
    oval:org.mitre.oval:def:8173 | P | DSA-1478 mysql-dfsg-5.0 -- buffer overflows | 2014-06-23
    oval:org.debian:def:1478 | V | buffer overflows | 2008-01-28