smtpd accept bug and race condition¶
Warning
This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.
The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This database can be viewed online at the Open Source Vulnerability Database.
CVE-2010-3492: The asyncore
module in Python before 3.2 does not properly handle
unsuccessful calls to the accept function, and does not have accompanying
documentation describing how daemon applications should handle unsuccessful
calls to the accept function, which makes it easier for remote attackers to
conduct denial of service attacks that terminate these applications via
network connections.
CVE-2010-3493: Multiple race conditions in smtpd.py
in the smtpd
module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of
service (daemon outage) by establishing and then immediately closing a TCP
connection, leading to the accept function having an unexpected return
value of None, an unexpected value of None for the address, or an
ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function
having an ENOTCONN error, a related issue to CVE-2010-3492.
Dates:
- Disclosure date: 2009-08-14 (Python issue bpo-6706 reported)
Fixed In¶
- Python 2.7.1 (2010-11-27) fixed by commit 19e9fef (branch 2.7) (2010-11-01)
- Python 3.1.3 (2010-11-27) fixed by commit 5ea3d0f (branch 3.1) (2010-11-01)
- Python 3.2.0 (2011-02-20) fixed by commit 977c707 (branch 3.2) (2010-10-04)
Python issue¶
asyncore’s accept() is broken.
- Python issue: bpo-6706
- Creation date: 2009-08-14
- Reporter: Giampaolo Rodola’
CVE-2010-3492¶
The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
- CVE ID: CVE-2010-3492
- Published: 2010-10-19
- CVSS Score: 5.0
CVE-2010-3493¶
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
- CVE ID: CVE-2010-3493
- Published: 2010-10-19
- CVSS Score: 4.3
Timeline¶
Timeline using the disclosure date 2009-08-14 as reference:
- 2009-08-14: Python issue bpo-6706 reported by Giampaolo Rodola’
- 2010-10-04 (+416 days): commit 977c707 (branch 3.2)
- 2010-10-19 (+431 days): CVE-2010-3492 published
- 2010-10-19 (+431 days): CVE-2010-3493 published
- 2010-11-01 (+444 days): commit 19e9fef (branch 2.7)
- 2010-11-01 (+444 days): commit 5ea3d0f (branch 3.1)
- 2010-11-27 (+470 days): Python 2.7.1 released
- 2010-11-27 (+470 days): Python 3.1.3 released
- 2011-02-20: Python 3.2.0 released