Message 152103 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	johzimme
Recipients	johzimme
Date	2012-01-27.17:33:52
SpamBayes Score	5.870693e-11
Marked as misclassified	No
Message-id	<1327685633.34.0.235701506916.issue13891@psf.upfronthosting.co.za>
In-reply-to

Content
Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does not correctly handle and exclude malformed UDP packets. This means that UDP listening programs written in python on this version are susceptible to malformed-UDP-packet based DoS attacks which cause severe CPU spikes in the python process. The spikes to recover once the attacks cease. If malformed UDP packets are properly identified in the library and excluded this will protect all UDP listening software written in python and using the standard sockets module from similar attacks. Currently all such software is vulnerable to such attacks.

Python's socket module as included in Ubuntu Lucid (python version 2.6.5) does not correctly handle and exclude malformed UDP packets. This means that UDP listening programs written in python on this version are susceptible to malformed-UDP-packet based DoS attacks which cause severe CPU spikes in the python process. The spikes to recover once the attacks cease. If malformed UDP packets are properly identified in the library and excluded this will protect all UDP listening software written in python and using the standard sockets module from similar attacks. Currently all such software is vulnerable to such attacks.

History
Date	User	Action	Args
2012-01-27 17:33:53	johzimme	set	recipients: + johzimme
2012-01-27 17:33:53	johzimme	set	messageid: <1327685633.34.0.235701506916.issue13891@psf.upfronthosting.co.za>
2012-01-27 17:33:52	johzimme	link	issue13891 messages
2012-01-27 17:33:52	johzimme	create