MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt
|Alert||MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt|
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
yaSSL yaSSL 1.7.5
Denial of Service. Information disclosure. Loss of integrity. Complete admin access.
- Upgrade to the latest non-affected version of the software.
- Apply the appropriate vendor supplied patches.