CVE-2010-3493 Information

Description

Multiple race conditions in smtpd.py in the smtpd module in Python 2.6 2.7 3.1 and 3.2 alpha allow remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection leading to the accept function having an unexpected return value of None an unexpected value of None for the address or an ECONNABORTED EAGAIN or EWOULDBLOCK error or the getpeername function having an ENOTCONN error a related issue to CVE-2010-3492.

Reference

http://bugs.python.org/issue6706 http://bugs.python.org/issue9129 http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://secunia.com/advisories/50858 http://secunia.com/advisories/51024 http://secunia.com/advisories/51040 http://svn.python.org/view/python/branches/py3k/Lib/smtpd.py?r1=84289&r2=84288&pathrev=84289 http://svn.python.org/view?view=rev&revision=84289 http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 http://www.mandriva.com/security/advisories?name=MDVSA-2010:216 http://www.openwall.com/lists/oss-security/2010/09/09/6 http://www.openwall.com/lists/oss-security/2010/09/11/2 http://www.openwall.com/lists/oss-security/2010/09/22/3 http://www.openwall.com/lists/oss-security/2010/09/24/3 http://www.securityfocus.com/bid/44533 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-1 http://www.ubuntu.com/usn/USN-1613-2 http://www.vupen.com/english/advisories/2011/0212 https://bugs.launchpad.net/zodb/+bug/135108 https://bugzilla.redhat.com/show_bug.cgi?id=632200 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12210