Signature Detail

DB: MySQL SSL Hello Message Overflow

This signature detects attempts to exploit a known vulnerability in a MySQL SSL Hello Message. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.

Extended Description

yaSSL is prone to multiple remote buffer-overflow vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the library. Failed attacks will cause denial-of-service conditions. yaSSL 1.7.5 is vulnerable to these issues; other versions are also likely to be affected.

Affected Products

• Apple mac_os_x_server 10.5.5
• Debian linux 4.0
• Debian linux 4.0 Alpha
• Debian linux 4.0 Amd64
• Debian linux 4.0 Arm
• Debian linux 4.0 Hppa
• Debian linux 4.0 Ia-32
• Debian linux 4.0 Ia-64
• Debian linux 4.0 M68k
• Debian linux 4.0 Mips
• Debian linux 4.0 Mipsel
• Debian linux 4.0 Powerpc
• Debian linux 4.0 S/390
• Debian linux 4.0 Sparc
• Mandriva corporate_server 4.0
• Mandriva corporate_server 4.0.0 X86 64
• Mandriva linux_mandrake 2007.1
• Mandriva linux_mandrake 2007.1 X86 64
• Mandriva linux_mandrake 2008.0
• Mandriva linux_mandrake 2008.0 X86 64
• Ubuntu ubuntu_linux 6.06 LTS Amd64
• Ubuntu ubuntu_linux 6.06 LTS I386
• Ubuntu ubuntu_linux 6.06 LTS Powerpc
• Ubuntu ubuntu_linux 6.06 LTS Sparc
• Ubuntu ubuntu_linux 6.10 Amd64
• Ubuntu ubuntu_linux 6.10 I386
• Ubuntu ubuntu_linux 6.10 Powerpc
• Ubuntu ubuntu_linux 6.10 Sparc
• Ubuntu ubuntu_linux 7.04 Amd64
• Ubuntu ubuntu_linux 7.04 I386
• Ubuntu ubuntu_linux 7.04 Powerpc
• Ubuntu ubuntu_linux 7.04 Sparc
• Ubuntu ubuntu_linux 7.10 Amd64
• Ubuntu ubuntu_linux 7.10 I386
• Ubuntu ubuntu_linux 7.10 Powerpc
• Ubuntu ubuntu_linux 7.10 Sparc
• Yassl yassl 1.7.5

References

• BugTraq: 27140
• CVE: CVE-2008-0226
• URL: http://bugs.mysql.com/bug.php?id=33814