Vulnerability Name: CVE-2010-3492 (CCN-61840)

Assigned: 2010-09-13
Published: 2010-09-13
Updated: 2019-10-29
Summary: The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:

Source: CCN
Type: python Issue6706
asyncore's accept() is broken

Source: CONFIRM
Type: Patch, Vendor Advisory
http://bugs.python.org/issue6706

Source: MITRE
Type: CNA
CVE-2010-3492

Source: MITRE
Type: CNA
CVE-2010-3975

Source: MITRE
Type: CNA
CVE-2010-3976

Source: CCN
Type: SA41279
Python asyncore Module accept() Denial of Service Vulnerability

Source: CCN
Type: GLSA-201101-09
Adobe Flash Player: Multiple vulnerabilities

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2010:215

Source: MANDRIVA
Type: Third Party Advisory
MDVSA-2010:216

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20100909 CVE Request -- Python -- accept() implementation in async core is broken => more subcases

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20100910 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20100922 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20100924 Re: CVE Request -- Python -- accept() implementation in async core is broken => more subcases

Source: CCN
Type: OSVDB ID: 68098
Python asyncore Module accept() Method Incorrect Error Handling DoS

Source: CCN
Type: OSVDB ID: 68696
pyftpdlib ftpserver.py FTPHandler Class Race Condition TCP Connection Termination Multiple Error Remote DoS

Source: CCN
Type: OSVDB ID: 68737
Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution

Source: CCN
Type: OSVDB ID: 68738
Python asyncore Module Accept Function Call Network Connection Application Termination DoS

Source: CCN
Type: OSVDB ID: 68739
Python smptd Module smtpd.py Race Condition TCP Connection Termination Multiple Error Remote DoS

Source: CCN
Type: Python Web site
Python Programming Language -- Official Website

Source: CCN
Type: BID-43233
Python Asyncore Module 'accept()' function Remote Denial of Service Vulnerability

Source: CCN
Type: BID-44671
Adobe Flash Player DLL Loading Arbitrary Code Execution Vulnerability

Source: XF
Type: UNKNOWN
python-accept-dos(61840)

Source: OVAL
Type: Third Party Advisory
oval:org.mitre.oval:def:12111

Source: SUSE
Type: SUSE-SA:2010:055
Adobe Flash Player security problems

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:python:python:*:*:*:*:*:*:*:* (Version <= 2.7)
  • OR cpe:/a:python:python:*:*:*:*:*:*:*:* (Version >= 3.0 and < 3.1.2)

Configuration CCN 1:
  • cpe:/a:python:python:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.4.6:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.6.4:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.0:-:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.1.1:-:*:*:*:*:*:*
  • OR cpe:/a:python:python:2.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:python:python:3.1.2:-:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:enterprise_server:5:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*
  • OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:12111
Class: V
Title: Vulnerability in the asyncore module in Python before 3.2
Last Modified: 2013-11-14