.. _smtpd-accept-bug-and-race-condition: smtpd accept bug and race condition =================================== .. warning:: This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**. The `canonical database for vulnerabilities affecting Python `_ is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the `Open Source Vulnerability Database `_. CVE-2010-3492: The ``asyncore`` module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. CVE-2010-3493: Multiple race conditions in ``smtpd.py`` in the ``smtpd`` module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. Dates: * Disclosure date: **2009-08-14** (Python issue bpo-6706 reported) Fixed In -------- * Python **2.7.1** (2010-11-27) fixed by `commit 19e9fef (branch 2.7) `_ (2010-11-01) * Python **3.1.3** (2010-11-27) fixed by `commit 5ea3d0f (branch 3.1) `_ (2010-11-01) * Python **3.2.0** (2011-02-20) fixed by `commit 977c707 (branch 3.2) `_ (2010-10-04) Python issue ------------ asyncore's accept() is broken. * Python issue: `bpo-6706 `_ * Creation date: 2009-08-14 * Reporter: Giampaolo Rodola' CVE-2010-3492 ------------- The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. * CVE ID: `CVE-2010-3492 `_ * Published: 2010-10-19 * `CVSS Score `_: 5.0 CVE-2010-3493 ------------- Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. * CVE ID: `CVE-2010-3493 `_ * Published: 2010-10-19 * `CVSS Score `_: 4.3 Timeline -------- Timeline using the disclosure date **2009-08-14** as reference: * 2009-08-14: `Python issue bpo-6706 `_ reported by Giampaolo Rodola' * 2010-10-04 (**+416 days**): `commit 977c707 (branch 3.2) `_ * 2010-10-19 (**+431 days**): CVE-2010-3492 published * 2010-10-19 (**+431 days**): CVE-2010-3493 published * 2010-11-01 (**+444 days**): `commit 19e9fef (branch 2.7) `_ * 2010-11-01 (**+444 days**): `commit 5ea3d0f (branch 3.1) `_ * 2010-11-27 (**+470 days**): Python 2.7.1 released * 2010-11-27 (**+470 days**): Python 3.1.3 released * 2011-02-20: Python 3.2.0 released Links ----- * https://nvd.nist.gov/vuln/detail/CVE-2010-3492/ * https://nvd.nist.gov/vuln/detail/CVE-2010-3493/