Vulnerability Name: | CVE-2010-3492 (CCN-61840) |
Assigned: | 2010-09-13 |
Published: | 2010-09-13 |
Updated: | 2019-10-29 |
Summary: | The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) |
Exploitability Metrics: | Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Low |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P); 4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
CCN CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P); 4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR) |
Exploitability Metrics: | Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): None; Integrity (I): None; Availability (A): Partial |
|
Vulnerability Type: | CWE-Other
|
Vulnerability Consequences: | Denial of Service |
References: | Source: CCN Type: python Issue6706 asyncore's accept() is broken
Source: CONFIRM Type: Patch, Vendor Advisory http://bugs.python.org/issue6706
Source: MITRE Type: CNA CVE-2010-3492
Source: MITRE Type: CNA CVE-2010-3975
Source: MITRE Type: CNA CVE-2010-3976
Source: CCN Type: SA41279 Python asyncore Module accept() Denial of Service Vulnerability
Source: CCN Type: GLSA-201101-09 Adobe Flash Player: Multiple vulnerabilities
Source: MANDRIVA Type: Third Party Advisory MDVSA-2010:215
Source: MANDRIVA Type: Third Party Advisory MDVSA-2010:216
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases
Source: CCN Type: OSVDB ID: 68098 Python asyncore Module accept() Method Incorrect Error Handling DoS
Source: CCN Type: OSVDB ID: 68696 pyftpdlib ftpserver.py FTPHandler Class Race Condition TCP Connection Termination Multiple Error Remote DoS
Source: CCN Type: OSVDB ID: 68737 Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution
Source: CCN Type: OSVDB ID: 68738 Python asyncore Module Accept Function Call Network Connection Application Termination DoS
Source: CCN Type: OSVDB ID: 68739 Python smptd Module smtpd.py Race Condition TCP Connection Termination Multiple Error Remote DoS
Source: CCN Type: Python Web site Python Programming Language -- Official Website
Source: CCN Type: BID-43233 Python Asyncore Module 'accept()' function Remote Denial of Service Vulnerability
Source: CCN Type: BID-44671 Adobe Flash Player DLL Loading Arbitrary Code Execution Vulnerability
Source: XF Type: UNKNOWN python-accept-dos(61840)
Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:12111
Source: SUSE Type: SUSE-SA:2010:055 Adobe Flash Player security problems
|
Vulnerable Configuration: | Configuration 1: cpe:/a:python:python:*:*:*:*:*:*:*:* (Version <= 2.7) OR cpe:/a:python:python:*:*:*:*:*:*:*:* (Version >= 3.0 and < 3.1.2)
Configuration CCN 1: cpe:/a:python:python:1.5.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:* OR cpe:/a:python:python:1.6:*:*:*:*:*:*:* OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:* OR cpe:/a:python:python:2.3.7:*:*:*:*:*:*:* OR cpe:/a:python:python:2.4.6:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.4:*:*:*:*:*:*:* OR cpe:/a:python:python:2.5.3:*:*:*:*:*:*:* OR cpe:/a:python:python:3.0.1:*:*:*:*:*:*:* OR cpe:/a:python:python:0.9.0:*:*:*:*:*:*:* OR cpe:/a:python:python:0.9.1:*:*:*:*:*:*:* OR cpe:/a:python:python:1.2:*:*:*:*:*:*:* OR cpe:/a:python:python:1.3:*:*:*:*:*:*:* OR cpe:/a:python:python:2.6.0:*:*:*:*:*:*:* OR cpe:/a:python:python:2.6.1:*:*:*:*:*:*:* OR cpe:/a:python:python:2.6.4:*:*:*:*:*:*:* OR cpe:/a:python:python:3.0:-:*:*:*:*:*:* OR cpe:/a:python:python:3.1.1:-:*:*:*:*:*:* OR cpe:/a:python:python:2.7.0:*:*:*:*:*:*:* OR cpe:/a:python:python:3.1.2:-:*:*:*:*:*:*
AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:* OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:* OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:* OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:* OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:* |