cve-2010-3493
Vulnerability from cvelistv5
Published
2010-10-19 19:00
Modified
2024-08-07 03:11
Severity ?
Summary
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
References
cve@mitre.orghttp://bugs.python.org/issue6706Patch, Vendor Advisory
cve@mitre.orghttp://bugs.python.org/issue9129Patch, Vendor Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
cve@mitre.orghttp://secunia.com/advisories/43068
cve@mitre.orghttp://secunia.com/advisories/50858
cve@mitre.orghttp://secunia.com/advisories/51024
cve@mitre.orghttp://secunia.com/advisories/51040
cve@mitre.orghttp://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289Patch
cve@mitre.orghttp://svn.python.org/view?view=rev&revision=84289
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:215
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:216
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/09/6
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/11/2
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/22/3
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2010/09/24/3
cve@mitre.orghttp://www.securityfocus.com/bid/44533
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1596-1
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1613-1
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1613-2
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0212
cve@mitre.orghttps://bugs.launchpad.net/zodb/+bug/135108
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=632200
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210
af854a3a-2127-422b-91ae-364da2661108http://bugs.python.org/issue6706Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://bugs.python.org/issue9129Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43068
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/50858
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51024
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51040
af854a3a-2127-422b-91ae-364da2661108http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289Patch
af854a3a-2127-422b-91ae-364da2661108http://svn.python.org/view?view=rev&revision=84289
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/09/6
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/11/2
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/22/3
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/09/24/3
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/44533
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1596-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1613-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1613-2
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0212
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/zodb/+bug/135108
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=632200
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:11:44.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289"
          },
          {
            "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
          },
          {
            "name": "43068",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43068"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/zodb/+bug/135108"
          },
          {
            "name": "ADV-2011-0212",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0212"
          },
          {
            "name": "51040",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51040"
          },
          {
            "name": "oval:org.mitre.oval:def:12210",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
          },
          {
            "name": "50858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/50858"
          },
          {
            "name": "MDVSA-2010:216",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.python.org/issue9129"
          },
          {
            "name": "44533",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/44533"
          },
          {
            "name": "SUSE-SR:2011:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
          },
          {
            "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
          },
          {
            "name": "USN-1596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1596-1"
          },
          {
            "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.python.org/issue6706"
          },
          {
            "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
          },
          {
            "name": "USN-1613-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-2"
          },
          {
            "name": "SUSE-SR:2010:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.python.org/view?view=rev\u0026revision=84289"
          },
          {
            "name": "51024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/51024"
          },
          {
            "name": "USN-1613-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1613-1"
          },
          {
            "name": "MDVSA-2010:215",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289"
        },
        {
          "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
        },
        {
          "name": "43068",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43068"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/zodb/+bug/135108"
        },
        {
          "name": "ADV-2011-0212",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0212"
        },
        {
          "name": "51040",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51040"
        },
        {
          "name": "oval:org.mitre.oval:def:12210",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
        },
        {
          "name": "50858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/50858"
        },
        {
          "name": "MDVSA-2010:216",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.python.org/issue9129"
        },
        {
          "name": "44533",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/44533"
        },
        {
          "name": "SUSE-SR:2011:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
        },
        {
          "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
        },
        {
          "name": "USN-1596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1596-1"
        },
        {
          "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.python.org/issue6706"
        },
        {
          "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
        },
        {
          "name": "USN-1613-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-2"
        },
        {
          "name": "SUSE-SR:2010:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.python.org/view?view=rev\u0026revision=84289"
        },
        {
          "name": "51024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/51024"
        },
        {
          "name": "USN-1613-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1613-1"
        },
        {
          "name": "MDVSA-2010:215",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-3493",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289",
              "refsource": "CONFIRM",
              "url": "http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289"
            },
            {
              "name": "[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/09/11/2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=632200",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=632200"
            },
            {
              "name": "43068",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43068"
            },
            {
              "name": "https://bugs.launchpad.net/zodb/+bug/135108",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/zodb/+bug/135108"
            },
            {
              "name": "ADV-2011-0212",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0212"
            },
            {
              "name": "51040",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51040"
            },
            {
              "name": "oval:org.mitre.oval:def:12210",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210"
            },
            {
              "name": "50858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/50858"
            },
            {
              "name": "MDVSA-2010:216",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:216"
            },
            {
              "name": "http://bugs.python.org/issue9129",
              "refsource": "CONFIRM",
              "url": "http://bugs.python.org/issue9129"
            },
            {
              "name": "44533",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/44533"
            },
            {
              "name": "SUSE-SR:2011:002",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
            },
            {
              "name": "[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/09/24/3"
            },
            {
              "name": "USN-1596-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1596-1"
            },
            {
              "name": "[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/09/22/3"
            },
            {
              "name": "http://bugs.python.org/issue6706",
              "refsource": "MISC",
              "url": "http://bugs.python.org/issue6706"
            },
            {
              "name": "[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken =\u003e more subcases",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2010/09/09/6"
            },
            {
              "name": "USN-1613-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-2"
            },
            {
              "name": "SUSE-SR:2010:024",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
            },
            {
              "name": "http://svn.python.org/view?view=rev\u0026revision=84289",
              "refsource": "CONFIRM",
              "url": "http://svn.python.org/view?view=rev\u0026revision=84289"
            },
            {
              "name": "51024",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/51024"
            },
            {
              "name": "USN-1613-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1613-1"
            },
            {
              "name": "MDVSA-2010:215",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-3493",
    "datePublished": "2010-10-19T19:00:00",
    "dateReserved": "2010-09-24T00:00:00",
    "dateUpdated": "2024-08-07T03:11:44.427Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-3493\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-10-19T20:00:04.283\",\"lastModified\":\"2024-11-21T01:18:51.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples condiciones de carrera en smtpd.py en el m\u00f3dulo smtpd in Python v2.6, v2.7, v3.1 y v3.2 alpha permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de demonio)por establecimiento e inmediatamente cerrando una conexi\u00f3n TCP, llevando la funci\u00f3n accept a devolver un valor inesperado de None, un valor inesperado de None para la direcci\u00f3n, o un error ECONNABORTED, EAGAIN, o EWOULDBLOCK, o la funci\u00f3n getpeername teniendo un error ENOTCONN, tema relacionado con CVE-2010-3492.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"74AC7EE5-F01D-4F28-80D1-4076B7B24BA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C8F3C4-91AB-4AE3-A2FB-A093F97742FD\"}]}]}],\"references\":[{\"url\":\"http://bugs.python.org/issue6706\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://bugs.python.org/issue9129\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/50858\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/51024\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/51040\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.python.org/view?view=rev\u0026revision=84289\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:215\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:216\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/09/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/11/2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/22/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/24/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/44533\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1596-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/zodb/+bug/135108\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=632200\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.python.org/issue6706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://bugs.python.org/issue9129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43068\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/50858\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/51024\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/51040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289\u0026r2=84288\u0026pathrev=84289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://svn.python.org/view?view=rev\u0026revision=84289\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/09/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/11/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/22/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/09/24/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/44533\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1596-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-1613-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0212\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/zodb/+bug/135108\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=632200\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.