[issue9129] DoS smtpd module vulnerability

2010-12-07 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Fixed for Python 2.6 in r87123. Closing out as fixed. -- resolution: -> fixed status: open -> closed ___ Python tracker ___

[issue9129] DoS smtpd module vulnerability

2010-12-07 Thread Barry A. Warsaw
Barry A. Warsaw added the comment: I'm okay classifying this as a security bug that should be fixed in the 2.6 tree. -- ___ Python tracker ___ __

[issue9129] DoS smtpd module vulnerability

2010-09-08 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Reopening. I'll backport this at some point during this week, I hope. -- resolution: fixed -> status: closed -> open ___ Python tracker ___

[issue9129] DoS smtpd module vulnerability

2010-09-08 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: You're right, I'm sorry. I looked at "Versions" field which has 2.6 set but it's not correct. -- ___ Python tracker ___

[issue9129] DoS smtpd module vulnerability

2010-09-08 Thread Arfrever Frehtes Taifersar Arahesis
Arfrever Frehtes Taifersar Arahesis added the comment: No, it isn't in 2.6 branch. -- ___ Python tracker ___ ___ Python-bugs-list mail

[issue9129] DoS smtpd module vulnerability

2010-09-06 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: This is already in 2.6 branch. -- ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubs

[issue9129] DoS smtpd module vulnerability

2010-09-04 Thread Arfrever Frehtes Taifersar Arahesis
Arfrever Frehtes Taifersar Arahesis added the comment: Security fixes are allowed in 2.6 branch, so could you backport the fix also to 2.6 branch? -- versions: +Python 2.6 ___ Python tracker __

[issue9129] DoS smtpd module vulnerability

2010-08-24 Thread Arfrever Frehtes Taifersar Arahesis
Changes by Arfrever Frehtes Taifersar Arahesis : -- nosy: +Arfrever ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubscrib

[issue9129] DoS smtpd module vulnerability

2010-08-23 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Fixed in r84289. -- resolution: -> fixed status: open -> closed ___ Python tracker ___ ___ Pytho

[issue9129] DoS smtpd module vulnerability

2010-08-21 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: Being not easy to patch asyncore in a retro-compatible way here's a patch for smtpd instead which can be applied to python 2.7, 3.1 and 3.2. Tested with nmap as shown in my first message on both Linux and FreeBSD and not exceptions are raised. -- a

[issue9129] DoS smtpd module vulnerability

2010-06-30 Thread Giampaolo Rodola'
Giampaolo Rodola' added the comment: It would be ideal to solve this issue in asyncore.py by fixing dispatcher.accept() once and for all, but I'm not sure whether this can be done in a fully retro-compatible way in terms of asyncore API. Alternatively SMTPServer.handle_accept() can be fixed i

[issue9129] DoS smtpd module vulnerability

2010-06-30 Thread Giampaolo Rodola'
New submission from Giampaolo Rodola' : Steps to reproduce the issue: - in one shell run: "python -m smtpd -n" - in another one run: "for i in {1..1000};do nmap -sT -p 8025 localhost;done" The server will print out the following output and just quit (DoS): giampa...@ubuntu:~/svn/python-2.7$ ./