[New-bugs-announce] [issue13891] CPU DoS With Python's socket module
John Zimmerman
report at bugs.python.org
Fri Jan 27 18:33:53 CET 2012
New submission from John Zimmerman <johzimme at cisco.com>:
Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does not correctly handle and exclude malformed UDP packets. This means that UDP listening programs written in python on this version are susceptible to malformed-UDP-packet based DoS attacks which cause severe CPU spikes in the python process. The spikes to recover once the attacks cease. If malformed UDP packets are properly identified in the library and excluded this will protect all UDP listening software written in python and using the standard sockets module from similar attacks. Currently all such software is vulnerable to such attacks.
----------
components: Library (Lib)
messages: 152103
nosy: johzimme
priority: normal
severity: normal
status: open
title: CPU DoS With Python's socket module
type: security
versions: Python 2.6
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue13891>
_______________________________________
More information about the New-bugs-announce
mailing list