MySQL yaSSL SSL Hello message buffer overflow

Added: 03/10/2008
CVE: CVE-2008-0226
BID: 27140
OSVDB: 41935

Background

MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. When SSL support is enabled, MySQL uses yaSSL by default.

Problem

A buffer overflow vulnerability in the ProcessOldClientHello function in yaSSL allows an attacker to execute arbitrary commands by sending a specially crafted Hello packet to the MySQL server.

Resolution

Upgrade to MySQL 5.1.23 or higher.

References

http://www.securityfocus.com/archive/1/485810

Limitations

Exploit works on MySQL Server 5.0.20a. The target MySQL server must be configured to use an SSL certificate.

Platforms

Windows 2000
Windows Server 2003
Linux
