New submission from Jan Lieskovsky ian...@seznam.cz:
A denial of service flaw was found in the way Simple XML-RPC Server module of
Python processed client connections, that were closed prior the complete
request body has been received. A remote attacker could use this flaw to cause
Python
Changes by Ralf Schmitt python-b...@systemexit.de:
--
nosy: +schmir
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
___
Python-bugs-list
Changes by Ezio Melotti ezio.melo...@gmail.com:
--
nosy: +ezio.melotti, loewis
stage: - needs patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
Jan Lieskovsky ian...@seznam.cz added the comment:
CVE request:
[2] http://www.openwall.com/lists/oss-security/2012/02/13/3
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
Changes by Florent Xicluna florent.xicl...@gmail.com:
--
components: +XML
nosy: +flox
versions: +Python 3.3
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
Changes by Ross Lagerwall rosslagerw...@gmail.com:
--
nosy: +rosslagerwall
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
___
Changes by Dave Malcolm dmalc...@redhat.com:
--
nosy: +dmalcolm
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___
___
Python-bugs-list
Charles-François Natali neolo...@free.fr added the comment:
SimpleXMLRPCRequestHandler.do_POST() is simply looping on EOF.
The patch attached fixes this (the server doesn't seem to generate an error in
response to this partial request though).
--
keywords: +patch
nosy: +neologix
Added
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue14001
___