Zope Object Database ZEO Server Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Zope Object Database and is prone to denial of service vulnerability.

Impact

Successful exploitation will let the remote unauthenticated attackers to cause a denial of service. Impact Level: Application

Solution

Upgrade to version of Zope Object Database (ZODB) 3.10.0 or later For updates refer to http://www.zodb.org/ Also apply the patch from, http://launchpadlibrarian.net/10338640/patch.diff

Insight

The flaw is caused by input validation error in file 'ZEO/StorageServer.py' in 'notifyConnected()' function, when an unexpected value of None for the address or an ECONNABORTED, EAGAIN, or EWOULDBLOCK error encountered.

Affected

Zope Object Database (ZODB) before 3.10.0

References

http://secunia.com/advisories/41755
http://www.openwall.com/lists/oss-security/2010/09/24/3
https://bugs.launchpad.net/zodb/+bug/135108

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3495
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Eggdrop 'ctcpbuf' Remote Denial Of Service Vulnerability
Apache Input Header Folding and mod_ssl ssl_io_filter_cleanup DoS Vulnerabilities
F-PROT Antivirus Multiple Vulnerabilities
Apache Traffic Server HTTP Host Header Denial of Service Vulnerability
DB2 DOS

Zope Object Database ZEO Server Denial of Service Vulnerability

Take action and discover your vulnerabilities