CVE-2010-3492

Vulnerability Description

The asyncore module in Python before 3.2 does not properly handle unsuccessful calls to the accept function, and does not have accompanying documentation describing how daemon applications should handle unsuccessful calls to the accept function, which makes it easier for remote attackers to conduct denial of service attacks that terminate these applications via network connections.

CVSS Score

Affected Products

References

• http://bugs.python.org/issue6706PatchVendor Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:215Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:216Third Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/09/6Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/11/2Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/22/3Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/24/3Mailing ListThird Party Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
• http://bugs.python.org/issue6706PatchVendor Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:215Third Party Advisory
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:216Third Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/09/6Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/11/2Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/22/3Mailing ListThird Party Advisory
• http://www.openwall.com/lists/oss-security/2010/09/24/3Mailing ListThird Party Advisory