[Twisted-Python] Issues stemming from CVE-2014-1912?
https://www.trustedsec.com/february-2014/python-remote-code-execution-socket... identified a remote code execution vulnerability in Python's `Socket.recvfrom_into` method. Some brief grepping around the Twisted source doesn't find this method, but I'd be interested to hear what the maintainers have to say on the matter: is a Twisted app which doesn't itself use this method safe? Dustin
Hi Dustin, This exploit appears to be specific to how received data is written to the already existing buffer, so the _into forms of recv, recvfrom. Even if we assume there's a parallel export for regular recv_into and not just recvfrom_into (which hasn't been shown), Twisted never calls either of the _into forms. As a result, it looks like we're unaffected. hth lvh
On 08:58 am, _@lvh.io wrote:
Hi Dustin,
This exploit appears to be specific to how received data is written to the already existing buffer, so the _into forms of recv, recvfrom. Even if we assume there's a parallel export for regular recv_into and not just recvfrom_into (which hasn't been shown), Twisted never calls either of the _into forms.
As a result, it looks like we're unaffected.
This seems correct to me. Jean-Paul
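The source audit discussed in this thread (checking a code base for the `_into` socket methods), as an added example that is not part of the original messages and is not Twisted code. It goes a little beyond plain grep by also catching bare attribute and string references; the names `find_into_uses` and `scan_tree` and the sample input are hypothetical.

```python
import ast
import os
import re

INTO_METHODS = {"recv_into", "recvfrom_into"}
TEXT_RE = re.compile(r"\b(recv_into|recvfrom_into)\b")

def find_into_uses(source, filename="<string>"):
    """Return sorted (filename, line, method, kind) tuples for one source text."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError:
        # e.g. Python 2-only syntax: fall back to a plain text match per line
        return [(filename, no, m.group(1), "text-match")
                for no, line in enumerate(source.splitlines(), 1)
                for m in TEXT_RE.finditer(line)]
    found, called = [], set()
    for node in ast.walk(tree):  # breadth-first: a Call is seen before its func
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in INTO_METHODS):
            called.add(id(node.func))
            # CVE-2014-1912 concerns a requested size larger than the buffer,
            # so calls passing an explicit size are labelled separately.
            sized = len(node.args) >= 2 or any(k.arg == "nbytes" for k in node.keywords)
            found.append((filename, node.lineno, node.func.attr,
                          "call-with-nbytes" if sized else "call"))
        elif (isinstance(node, ast.Attribute) and node.attr in INTO_METHODS
                and id(node) not in called):
            found.append((filename, node.lineno, node.attr, "attribute-reference"))
        elif (isinstance(node, ast.Constant) and isinstance(node.value, str)
                and node.value in INTO_METHODS):
            found.append((filename, node.lineno, node.value, "string-reference"))
    return sorted(found, key=lambda f: f[1])

def scan_tree(root):
    """Run find_into_uses over every .py file below root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    results.extend(find_into_uses(fh.read(), path))
    return results

# Constructed sample input, not taken from Twisted or any real project.
SAMPLE = ("import socket\ndef read(sock):\n    buf = bytearray(1024)\n"
          "    n, addr = sock.recvfrom_into(buf, 4096)\n    sock.recv_into(buf)\n"
          "    reader = getattr(sock, 'recvfrom_into')\n    return sock.recv(1024)\n")
```

An empty result from `scan_tree` over an application and its dependencies corresponds to the "never calls either of the _into forms" finding in the replies above.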
participants (3)
- Dustin J. Mitchell
- exarkun@twistedmatrix.com
- Laurens Van Houtven