Snort-alerts/MYSQL-yaSSL-SSLv2-Client-Hello-Message-Challenge-Buffer-Overflow-attempt

From aldeid
Jump to: navigation, search

MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt

Identification

Id 13713
Alert MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt
Classification attempted-user

Trigger

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Affected systems

yaSSL yaSSL 1.7.5

Impacts

Denial of Service. Information disclosure. Loss of integrity. Complete admin access.

False positives

None known

Scenario

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Example

Incomplete.png
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.

Corrective actions

  • Upgrade to the latest non-affected version of the software.
  • Apply the appropriate vendor supplied patches.