Vigil@nce - Python: denial of service via SimpleXMLRPCServer
February 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can interrupt a query to the Python SimpleXMLRPCServer
module, in order to generate an infinite loop.
Severity: 2/4
Creation date: 13/02/2012
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The Python SimpleXMLRPCServer (Python v2) or xmlrpc.server (Python
v3) module implements a simple XML-RPC server.
The SimpleXMLRPCServer() constructor creates a server instance, in
order to process queries. However, if the connection is
interrupted before all data has been transmitted, an infinite loop
occurs in SimpleXMLRPCServer.
An attacker can therefore interrupt a query to the Python
SimpleXMLRPCServer module, in order to generate an infinite loop.
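The failure mode described above, as an added example that is not part of the bulletin or of Python's own source: a request-body read loop driven only by the declared length, next to a variant that stops on end-of-stream. The function names, the iteration cap and the sample bytes are constructed for illustration, and that the server reads the body in a loop of this shape is an assumption.

```python
import io

MAX_CHUNK = 10 * 1024 * 1024  # read the body in bounded pieces


class TruncatedBody(Exception):
    """The peer closed the connection before sending the declared body."""


def read_body_unchecked(rfile, content_length, max_iterations=1000):
    """Trusts the declared length only. Returns (data, spun).

    max_iterations is a constructed safety cap so the demo terminates;
    without it the loop would never exit on a truncated stream.
    """
    remaining, parts, iterations = content_length, [], 0
    while remaining:
        if iterations >= max_iterations:
            return b"".join(parts), True
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        parts.append(chunk)          # b"" at EOF: remaining never shrinks
        remaining -= len(chunk)
        iterations += 1
    return b"".join(parts), False


def read_body_checked(rfile, content_length):
    """Same loop, but an empty read (EOF) ends the request with an error."""
    remaining, parts = content_length, []
    while remaining:
        chunk = rfile.read(min(remaining, MAX_CHUNK))
        if not chunk:
            raise TruncatedBody(
                "got %d of %d bytes" % (content_length - remaining, content_length))
        parts.append(chunk)
        remaining -= len(chunk)
    return b"".join(parts)


if __name__ == "__main__":
    # Constructed sample: 12 bytes arrive, but the header declared 100.
    partial = b"<methodCall>"
    print("unchecked loop spun:", read_body_unchecked(io.BytesIO(partial), 100)[1])
    try:
        read_body_checked(io.BytesIO(partial), 100)
    except TruncatedBody as exc:
        print("rejected:", exc)
```

The checked variant treats an empty read as a failed request, so a worker is released as soon as the peer disconnects instead of consuming CPU indefinitely.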
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Python-denial-of-service-via-SimpleXMLRPCServer-11356