Lucene search

PRIOn knowledge basePRION:CVE-2010-3494

HistoryOct 19, 2010 - 8:00 p.m.

Race condition

2010-10-1920:00:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

83.9%

JSON

Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected value of None for the address, or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error, a related issue to CVE-2010-3492.

CPENameOperatorVersion
pyftpdlibeq0.5.0
pyftpdlibeq0.4.0
pyftpdlibeq0.2.0
pyftpdlibeq0.1
pyftpdlibeq0.1.1
pyftpdlible0.5.1
pyftpdlibeq0.3.0

Name	Operator	Version
pyftpdlib	eq	0.5.0
pyftpdlib	eq	0.4.0
pyftpdlib	eq	0.2.0
pyftpdlib	eq	0.1
pyftpdlib	eq	0.1.1
pyftpdlib	le	0.5.1
pyftpdlib	eq	0.3.0

References

bugs.python.org/issue6706

www.openwall.com/lists/oss-security/2010/09/09/6

www.openwall.com/lists/oss-security/2010/09/11/2

www.openwall.com/lists/oss-security/2010/09/22/3

www.openwall.com/lists/oss-security/2010/09/24/3

bugs.launchpad.net/zodb/+bug/135108

code.google.com/p/pyftpdlib/issues/detail?id=104

code.google.com/p/pyftpdlib/issues/detail?id=105

code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY

code.google.com/p/pyftpdlib/source/detail?r=556

code.google.com/p/pyftpdlib/source/diff?spec=svn556&r=556&format=side&path=/trunk/pyftpdlib/ftpserver.py

6.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

83.9%

JSON

Related for PRION:CVE-2010-3494