Site Network: | | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

yaSSL - Remote hacker automatic control

Version: 1.7.5 and prior.
Technical Details:

The yaSSL SSL implementation has been discovered to be vulnerable to numerous vulnerabilities, allowing up to remote code execution and authentication bypassing.

As yaSSL is included with MySQL, the vulnerabilities recently discovered also weaken other applications.


Luigi Auriemma has discovered numerous vulnerabilities affecting the open source yaSSL SSL implementation. These vulnerabilities include allowing authentication bypass and arbitrary code execution.

These vulnerabilities also affect other products, due to yaSSL being included in products such as MySQL. Exploit code samples have also been released.


There is no current mitigation advice beyond securing access to the ports used by yaSSL (for embedded versions), or replacing it with an alternative SSL implementation.


Not yet Available


Luigi Auriemma (


External Tracking Data:

Not yet Identified

Social bookmark this page