CVE-2010-3493

2010-10-1900:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.115 Low

EPSS

Percentile

95.2%

JSON

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6,
2.7, 3.1, and 3.2 alpha allow remote attackers to cause a denial of service
(daemon outage) by establishing and then immediately closing a TCP
connection, leading to the accept function having an unexpected return
value of None, an unexpected value of None for the address, or an
ECONNABORTED, EAGAIN, or EWOULDBLOCK error, or the getpeername function
having an ENOTCONN error, a related issue to CVE-2010-3492.

Bugs

<http://bugs.python.org/issue9129>

Notes

Author	Note
jdstrand	python3.1 on Ubuntu 10.10 has additional patches on top of 3.1.2, including a fix for this issue

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchpython2.4< 2.4.5-1ubuntu4.4UNKNOWN
ubuntu8.04noarchpython2.5< 2.5.2-2ubuntu6.2UNKNOWN
ubuntu10.04noarchpython2.6< 2.6.5-1ubuntu6.1UNKNOWN
ubuntu10.04noarchpython3.1< 3.1.2-0ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	python2.4	< 2.4.5-1ubuntu4.4	UNKNOWN
ubuntu	8.04	noarch	python2.5	< 2.5.2-2ubuntu6.2	UNKNOWN
ubuntu	10.04	noarch	python2.6	< 2.6.5-1ubuntu6.1	UNKNOWN
ubuntu	10.04	noarch	python3.1	< 3.1.2-0ubuntu3.1	UNKNOWN