CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

• http://bugs.mysql.com/33814
• http://dev.mysql.com/doc/refman/5.1/en/news-5-1-23.html
• http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
• http://secunia.com/advisories/28324
• http://secunia.com/advisories/28419
• http://secunia.com/advisories/28597
• http://secunia.com/advisories/29443
• http://secunia.com/advisories/32222
• http://securityreason.com/securityalert/3531
• http://support.apple.com/kb/HT3216
• http://www.debian.org/security/2008/dsa-1478
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:150
• http://www.securityfocus.com/archive/1/485810/100/0/threaded
• http://www.securityfocus.com/archive/1/485811/100/0/threaded
• http://www.securityfocus.com/bid/27140
• http://www.securityfocus.com/bid/31681
• http://www.ubuntu.com/usn/usn-588-1
• http://www.vupen.com/english/advisories/2008/0560/references
• http://www.vupen.com/english/advisories/2008/2780
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39429
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39431