CVE-2010-3492: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
CVE-2010-3493: Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
Dates:
Disclosure date: 2009-08-14 (Python issue bpo-6706 reported)
Python 2.7.1 (2010-11-27) fixed by commit 19e9fef (branch 2.7) (2010-11-01)
Python 3.1.3 (2010-11-27) fixed by commit 5ea3d0f (branch 3.1) (2010-11-01)
Python 3.2.0 (2011-02-20) fixed by commit 977c707 (branch 3.2) (2010-10-04)
asyncore’s accept() is broken.
Python issue: bpo-6706
Creation date: 2009-08-14
Reporter: Giampaolo Rodola’
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
CVE ID: CVE-2010-3492
Published: 2010-10-19
CVSS Score: 5.0
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
CVE ID: CVE-2010-3493
Published: 2010-10-19
CVSS Score: 4.3
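A defensive accept step covering the failure modes listed in the two CVE descriptions above, as an added example (not the code from the fixing commits, nor asyncore's or smtpd's own code). It uses the plain socket module instead of asyncore, and `safe_accept` and `serve_once` are hypothetical names chosen for this sketch.

```python
import errno
import socket

# Transient accept() failures named in CVE-2010-3493: the peer went away
# before the daemon accepted it, or nothing is queued on a non-blocking socket.
TRANSIENT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}


def safe_accept(listener):
    """Return (conn, addr) for a usable connection, or None to skip this event."""
    try:
        pair = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT:
            return None
        raise  # any other error is a real fault and must stay visible
    if pair is None:  # accept() produced no connection at all
        return None
    conn, addr = pair
    try:
        if addr is None:  # address missing: ask the socket, the peer may be gone
            addr = conn.getpeername()
    except OSError as exc:
        conn.close()
        if exc.errno == errno.ENOTCONN:
            return None
        raise
    return conn, addr


def serve_once(listener, handler):
    """One accept-loop step: a dead connection is skipped, never fatal."""
    pair = safe_accept(listener)
    if pair is None:
        return False
    handler(*pair)
    return True


if __name__ == "__main__":
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # constructed local listener on an ephemeral port
    srv.listen(5)
    srv.setblocking(False)
    print(serve_once(srv, lambda conn, addr: conn.close()))  # nothing queued yet
    srv.close()
```

Errors outside the transient set are re-raised on purpose, so only the connection-teardown races are absorbed by the accept loop.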
Timeline using the disclosure date 2009-08-14 as reference:
2009-08-14: Python issue bpo-6706 reported by Giampaolo Rodola’
2010-10-04 (+416 days): commit 977c707 (branch 3.2)
2010-10-19 (+431 days): CVE-2010-3492 published
2010-10-19 (+431 days): CVE-2010-3493 published
2010-11-01 (+444 days): commit 19e9fef (branch 2.7)
2010-11-01 (+444 days): commit 5ea3d0f (branch 3.1)
2010-11-27 (+470 days): Python 2.7.1 released
2010-11-27 (+470 days): Python 3.1.3 released
2011-02-20: Python 3.2.0 released