Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: ZODB, denial of service on Mac OS X

October 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

When Zope Object Database is installed on Mac OS X, an attacker
can interrupt the network session, in order to stop the service.

 Severity: 1/4
 Creation date: 12/10/2010

DESCRIPTION OF THE VULNERABILITY

The ZODB (Zope Object Database) product stores Python objects in a
database. These objects can be stored in a remote database, via
the ZEO (Zope Enterprise Objects) protocol.

The Python socket.accept() function is called after the TCP
handshake, to initialize the session socket, newly created by the
client. If the client sends a TCP RST after the end of the
handshake, the socket.accept() function returns "None". However,
ZODB does not handle this case, and it stops.

When Zope Object Database is installed on Mac OS X, an attacker
can therefore interrupt the network session, in order to stop the
service.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/ZODB-denial-of-service-on-Mac-OS-X-10015


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts