[New-bugs-announce] [issue9129] DoS smtpd module vulnerability

Giampaolo Rodola' report at bugs.python.org
Wed Jun 30 20:44:27 CEST 2010

New submission from Giampaolo Rodola' <g.rodola at gmail.com>:

Steps to reproduce the issue:

- in one shell run: "python -m smtpd -n"
- in another one run: "for i in {1..1000};do nmap -sT -p 8025 localhost;done"

The server will print out the following output and just quit (DoS):

giampaolo at ubuntu:~/svn/python-2.7$ ./python -m smtpd -n 
error: uncaptured python exception, closing channel <__main__.PureProxy listening localhost:8025 at 0xb74b0f4c> (<class 'socket.error'>:[Errno 107] Transport endpoint is not connected [/home/giampaolo/svn/python-2.7/Lib/asyncore.py|read|79] [/home/giampaolo/svn/python-2.7/Lib/asyncore.py|handle_read_event|430] [/home/giampaolo/svn/python-2.7/Lib/smtpd.py|handle_accept|296] [/home/giampaolo/svn/python-2.7/Lib/smtpd.py|__init__|124] [/home/giampaolo/svn/python-2.7/Lib/socket.py|meth|222])
giampaolo at ubuntu:~/svn/python-2.7$ 

This is due to issue 6706.

components: Library (Lib)
messages: 109003
nosy: giampaolo.rodola
priority: normal
severity: normal
status: open
title: DoS smtpd module vulnerability
type: security
versions: Python 2.6, Python 2.7, Python 3.1, Python 3.2

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list