CVE-2010-3493: smtpd race conditions

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

  • Disclosure date: 2009-08-14 (Python issue #6706 reported)

Fixed In

Python issue

asyncore’s accept() is broken.

  • Python issue: issue #6706
  • Creation date: 2009-08-14
  • Reporter: Giampaolo Rodola’

Timeline

Timeline using the disclosure date 2009-08-14 as reference:

  • 2009-08-14: Python issue #6706 reported by Giampaolo Rodola’
  • 2010-10-19 (+431 days): CVE-2010-3493 published
  • 2010-11-01 (+444 days): commit 19e9fef
  • 2010-11-01 (+444 days): commit 5ea3d0f
  • 2010-11-27 (+470 days): Python 2.7.1 released
  • 2010-11-27 (+470 days): Python 3.1.3 released
  • 2011-07-10 (+695 days): Python 3.2.1 released
  • 2012-09-29: Python 3.3.0 released