Bug 24469 - CVE-2010-3493: smtpd module denial of service vulnerabilities
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: python-modules
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Nobody's working on this, feel free to take it
QA Contact: qa-sisyphus
URL: http://cve.mitre.org/cgi-bin/cvename....
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-11-01 10:27 MSK by Vladimir Lettiev
Modified: 2015-11-13 09:26 MSK
Description Vladimir Lettiev 2010-11-01 10:27:54 MSK
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error.

fixed in r84289: http://svn.python.org/view?rev=84289&view=rev (not yet backported to 2.6)
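
A defensive accept path that tolerates each outcome listed in the description above, written as an added example; it is not the r84289 patch and not code from this report. `safe_accept` and `Stub` are hypothetical names, and `Stub` is a constructed test double used to replay each case without a network.

```python
import errno

# errno values the report lists for accept() when the client has already gone.
TRANSIENT_ACCEPT = {errno.ECONNABORTED, errno.EAGAIN, errno.EWOULDBLOCK}


def safe_accept(listener):
    """Return (conn, peer) for a usable connection, or None to skip the event.

    `listener` is anything with a socket-style accept(). A wrapper around
    accept() may return None instead of raising, so both shapes are handled.
    """
    try:
        pair = listener.accept()
    except OSError as exc:
        if exc.errno in TRANSIENT_ACCEPT:
            return None              # client vanished; keep serving
        raise                        # any other error is a real fault
    if pair is None:
        return None                  # accept() yielded None
    conn, addr = pair
    if addr is None:                 # no address for an already-closed peer
        conn.close()
        return None
    try:
        peer = conn.getpeername()
    except OSError as exc:
        conn.close()
        if exc.errno == errno.ENOTCONN:
            return None              # peer dropped between accept and here
        raise
    return conn, peer


class Stub:
    """Constructed stand-in for a listening or accepted socket."""
    def __init__(self, outcome):
        self.outcome, self.closed = outcome, False

    def _play(self):
        if isinstance(self.outcome, Exception):
            raise self.outcome
        return self.outcome

    accept = getpeername = _play     # both calls replay the stored outcome

    def close(self):
        self.closed = True
```

Errors outside the listed set are re-raised on purpose, so a genuine fault such as descriptor exhaustion is still visible to the operator instead of being silently dropped.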
Comment 1 real@altlinux.org 2011-03-26 19:22:34 MSK
"not yet backported to 2.6"

And when and where will it be?
Comment 2 Evgenii Terechkov 2015-11-13 09:26:41 MSK
As I understand it, this is already fixed in 2.7.