MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt

Identification

Id	13713
Alert	MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt
Classification	attempted-user

Trigger

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Affected systems

yaSSL yaSSL 1.7.5

Impacts

Denial of Service. Information disclosure. Loss of integrity. Complete admin access.

False positives

None known

Scenario

INCOMPLETE SECTION OR ARTICLE

This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Example

INCOMPLETE SECTION OR ARTICLE

This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Corrective actions

Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.

Snort-alerts/MYSQL-yaSSL-SSLv2-Client-Hello-Message-Challenge-Buffer-Overflow-attempt

Contents

MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt

Identification

Trigger

Affected systems

Impacts

False positives

Scenario

Example

Corrective actions

Share your opinion

Navigation menu

Snort-alerts/MYSQL-yaSSL-SSLv2-Client-Hello-Message-Challenge-Buffer-Overflow-attempt

MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt

Identification

Trigger

Affected systems

Impacts

False positives

Scenario

Example

Corrective actions

Share your opinion

Navigation menu

Search