Zope Object Database ZEO Server Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Zope Object Database and is prone to denial of service vulnerability.

Impact

Successful exploitation will let the remote unauthenticated attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to version of Zope Object Database (ZODB) 3.10.0 or later For updates refer to http://www.zodb.org/ Also apply the patch from, http://launchpadlibrarian.net/10338640/patch.diff

Insight

The flaw is caused by input validation error in file 'ZEO/StorageServer.py' in 'notifyConnected()' function, when an unexpected value of None for the address or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error encountered.

Affected

Zope Object Database (ZODB) before 3.10.0

References

http://secunia.com/advisories/41755
http://www.openwall.com/lists/oss-security/2010/09/24/3
https://bugs.launchpad.net/zodb/+bug/135108

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3495

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

ArGoSoft FTP Server XCWD Overflow
ClamAV 'cli_pdf()' PDF File Processing Denial Of Service Vulnerability
CUPS Denial of Service Vulnerability - Jun09
DB2 discovery service DOS
Active Perl Denial of Service Vulnerability Feb 2014 (Windows)

Zope Object Database ZEO Server Denial of Service Vulnerability

Take action and discover your vulnerabilities