yaSSL 1.7.5 Buffer Overflow

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote database server.

Description :

The version of MySQL installed on the remote host reportedly allows a
remote user to execute arbitrary code by exploiting a buffer overflow
in yaSSL 1.7.5 or earlier.

See also :

http://bugs.mysql.com/bug.php?id=33814
http://www.securityfocus.com/archive/1/archive/1/485810/100/0/threaded

Solution :

Upgrade to MySQL version 5.0.54a, 5.1.23, 6.0.4 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Databases

Nessus Plugin ID: 17814 ()

Bugtraq ID: 27140

CVE ID: CVE-2008-0226
CVE-2008-0227