CVE-2010-3492

Related Files

Gentoo Linux Security Advisory 201401-04

Posted Jan 6, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-4 - Multiple vulnerabilities have been found in Python, worst of which allows remote attackers to cause a Denial of Service condition. Versions less than 3.3.2-r1 are affected.

tags | advisory, remote, denial of service, vulnerability, python

systems | linux, gentoo

advisories | CVE-2010-1634, CVE-2010-2089, CVE-2010-3492, CVE-2010-3493, CVE-2011-1015, CVE-2012-0845, CVE-2012-1150, CVE-2013-2099

SHA-256 | ea1459ef6b2a4cd82ae9954fd97f9d0188e19037466f94dc888a2a8b46709ebc

Download | Favorite | View

Mandriva Linux Security Advisory 2010-216

Posted Nov 2, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-216 - The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492. The updated packages have been patched to correct these issues.

tags | advisory, remote, denial of service, tcp, python

systems | linux, mandriva

advisories | CVE-2010-3492, CVE-2010-3493

SHA-256 | 08dc10892cba36490ac5b5e90661bbc8ba55862e05766fd0d441d93d242a7b6f

Download | Favorite | View

Mandriva Linux Security Advisory 2010-215

Posted Nov 1, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-215 - Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service via a large ZSIZE value in a black-and-white RGB image that triggers an invalid pointer dereference. Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the expandrow function. The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections. Multiple race conditions in smtpd.py in the smtpd module in Python 2.6, 2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected return value of None, an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function having an ENOTCONN error, a related issue to CVE-2010-3492.

tags | advisory, remote, denial of service, overflow, tcp, python

systems | linux, mandriva

advisories | CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-3492, CVE-2010-3493

SHA-256 | eaac600dd12a8079009e070b22fa4e731d6d01f52207ddf5ef9db27f19f96f29

Download | Favorite | View