CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS Percentile: 99.9%
Added: 03/10/2008
CVE: CVE-2008-0226
BID: 27140
OSVDB: 41935
MySQL is an open-source database software package available for multiple platforms. yaSSL is an SSL library. MySQL, if SSL support is enabled, uses yaSSL by default.
A buffer overflow vulnerability in the **ProcessOldClientHello** function in yaSSL allows an attacker to execute arbitrary commands by sending a specially crafted Hello packet to the MySQL server.
Upgrade to MySQL 5.1.23 or higher.
<http://www.securityfocus.com/archive/1/485810>
Exploit works on MySQL Server 5.0.20a. The target MySQL server must be configured to use an SSL certificate.
Windows 2000
Windows Server 2003
Linux