Vulnerability Details : CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerability category: OverflowExecute code

Published 2008-01-10 23:46:00

Updated 2019-12-17 20:26:08

Source MITRE

View at NVD, CVE.org

At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2008-0226

Probability of exploitation activity in the next 30 days: 97.44%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2008-0226

MySQL yaSSL SSL Hello Message Buffer Overflow

Disclosure Date : 2008-01-04

exploit/windows/mysql/mysql_yassl_hello

This module exploits a stack buffer overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code. Authors: - MC <[email protected]>

More information
MySQL yaSSL SSL Hello Message Buffer Overflow

Disclosure Date : 2008-01-04

exploit/linux/mysql/mysql_yassl_hello

This module exploits a stack buffer overflow in the yaSSL (1.7.5 and earlier) implementation bundled with MySQL <= 6.0. By sending a specially crafted Hello packet, an attacker may be able to execute arbitrary code. Authors: - MC <[email protected]>

More information

CVSS scores for CVE-2008-0226

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-0226

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: [email protected] (Primary)

Vendor statements for CVE-2008-0226

Red Hat 2008-01-11

Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.

References for CVE-2008-0226

http://bugs.mysql.com/33814

Permissions Required

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/39429

VDB Entry
http://www.vupen.com/english/advisories/2008/0560/references

Permissions Required

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/27140

Third Party Advisory;VDB Entry

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/39431

VDB Entry
http://securityreason.com/securityalert/3531

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/485811/100/0/threaded

Third Party Advisory;VDB Entry
http://www.mandriva.com/security/advisories?name=MDVSA-2008:150

Broken Link

CVEs referencing this url
http://www.securityfocus.com/archive/1/485810/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/2780

Permissions Required

CVEs referencing this url
http://www.ubuntu.com/usn/usn-588-1

Third Party Advisory

CVEs referencing this url
http://support.apple.com/kb/HT3216

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1478

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/31681

Third Party Advisory;VDB Entry

CVEs referencing this url
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html

Not Applicable

CVEs referencing this url

Products affected by CVE-2008-0226

Debian » Debian Linux » Version: 5.0
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X » Version: 10.5.4
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.4
cpe:2.3:a:oracle:mysql:5.1.4:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.10
cpe:2.3:a:oracle:mysql:5.1.10:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.11
cpe:2.3:a:oracle:mysql:5.1.11:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.8
cpe:2.3:a:oracle:mysql:5.1.8:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.9
cpe:2.3:a:oracle:mysql:5.1.9:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.1
cpe:2.3:a:oracle:mysql:5.1.1:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.6
cpe:2.3:a:oracle:mysql:5.1.6:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.7
cpe:2.3:a:oracle:mysql:5.1.7:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.2
cpe:2.3:a:oracle:mysql:5.1.2:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.3
cpe:2.3:a:oracle:mysql:5.1.3:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.41
cpe:2.3:a:oracle:mysql:5.0.41:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.32
cpe:2.3:a:oracle:mysql:5.0.32:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1
cpe:2.3:a:oracle:mysql:5.1:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.15
cpe:2.3:a:oracle:mysql:5.1.15:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.16
cpe:2.3:a:oracle:mysql:5.1.16:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.12
cpe:2.3:a:oracle:mysql:5.1.12:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.17
cpe:2.3:a:oracle:mysql:5.1.17:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.13
cpe:2.3:a:oracle:mysql:5.1.13:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.14
cpe:2.3:a:oracle:mysql:5.1.14:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.34
cpe:2.3:a:oracle:mysql:5.0.34:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.51
cpe:2.3:a:oracle:mysql:5.0.51:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.52
cpe:2.3:a:oracle:mysql:5.0.52:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.18
cpe:2.3:a:oracle:mysql:5.1.18:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.19
cpe:2.3:a:oracle:mysql:5.1.19:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.20
cpe:2.3:a:oracle:mysql:5.1.20:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.25
cpe:2.3:a:oracle:mysql:5.0.25:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.26
cpe:2.3:a:oracle:mysql:5.0.26:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.42
cpe:2.3:a:oracle:mysql:5.0.42:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.44 Update SP1
cpe:2.3:a:oracle:mysql:5.0.44:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.45
cpe:2.3:a:oracle:mysql:5.0.45:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.58
cpe:2.3:a:oracle:mysql:5.0.58:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.60 Update SP1
cpe:2.3:a:oracle:mysql:5.0.60:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.62
cpe:2.3:a:oracle:mysql:5.0.62:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.23
cpe:2.3:a:oracle:mysql:5.0.23:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.40
cpe:2.3:a:oracle:mysql:5.0.40:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.48
cpe:2.3:a:oracle:mysql:5.0.48:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.50 Update SP1
cpe:2.3:a:oracle:mysql:5.0.50:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.22
cpe:2.3:a:oracle:mysql:5.1.22:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.28
cpe:2.3:a:oracle:mysql:5.0.28:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.30 Update SP1
cpe:2.3:a:oracle:mysql:5.0.30:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.36 Update SP1
cpe:2.3:a:oracle:mysql:5.0.36:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.38
cpe:2.3:a:oracle:mysql:5.0.38:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.46
cpe:2.3:a:oracle:mysql:5.0.46:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.50
cpe:2.3:a:oracle:mysql:5.0.50:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.56 Update SP1
cpe:2.3:a:oracle:mysql:5.0.56:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.64
cpe:2.3:a:oracle:mysql:5.0.64:*:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.0.66 Update SP1
cpe:2.3:a:oracle:mysql:5.0.66:sp1:*:*:*:*:*:*
Matching versions
Oracle » Mysql » Version: 5.1.21
cpe:2.3:a:oracle:mysql:5.1.21:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.1
cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.2
cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.3
cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.4
cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.15
cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.5
cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.16
cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.17
cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.10
cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.20
cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.0
cpe:2.3:a:mysql:mysql:5.0.0:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.1.5
cpe:2.3:a:mysql:mysql:5.1.5:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.24
cpe:2.3:a:mysql:mysql:5.0.24:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.30
cpe:2.3:a:mysql:mysql:5.0.30:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.36
cpe:2.3:a:mysql:mysql:5.0.36:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.44
cpe:2.3:a:mysql:mysql:5.0.44:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.60
cpe:2.3:a:mysql:mysql:5.0.60:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.54
cpe:2.3:a:mysql:mysql:5.0.54:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.56
cpe:2.3:a:mysql:mysql:5.0.56:*:*:*:*:*:*:*
Matching versions
Mysql » Mysql » Version: 5.0.66
cpe:2.3:a:mysql:mysql:5.0.66:*:*:*:*:*:*:*
Matching versions
Yassl » Yassl
Versions up to, including, (<=) 1.7.5
cpe:2.3:a:yassl:yassl:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 6.06 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 6.10
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 7.04
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 7.10
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Matching versions