Bug 24469

Summary: CVE-2010-3493: smtpd module denial of service vulnerabilities
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: python-modulesAssignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: cow, evg, george, glebfm, imz, real.altlinux.org
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3493

Description Vladimir Lettiev 2010-11-01 10:27:54 MSK 
Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error

fixed in r84289: http://svn.python.org/view?rev=84289&view=rev (not yet backported to 2.6)
Comment 1 real@altlinux.org 2011-03-26 19:22:34 MSK 
"not yet backported to 2.6"

А когда и где будет?
Comment 2 Evgenii Terechkov 2015-11-13 09:26:41 MSK 
Я так понимаю, в 2.7 уже починено.