4.3

CVE-2010-3493

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PythonPython Version3.1
PythonPython Version3.2 Updatealpha
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.77% 0.845
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://www.vupen.com/english/advisories/2011/0212
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
http://bugs.python.org/issue6706
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2010/09/09/6
http://www.openwall.com/lists/oss-security/2010/09/11/2
http://www.openwall.com/lists/oss-security/2010/09/22/3
http://www.openwall.com/lists/oss-security/2010/09/24/3
https://bugs.launchpad.net/zodb/+bug/135108
http://www.mandriva.com/security/advisories?name=MDVSA-2010:216
http://bugs.python.org/issue9129
Patch
Vendor Advisory
http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289
Patch
http://svn.python.org/view?view=rev&revision=84289
http://www.securityfocus.com/bid/44533
https://bugzilla.redhat.com/show_bug.cgi?id=632200
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12210