|
|
Status: Draft Weakness ID: 605 (Weakness Base)Description Summary When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed. Common Consequences Packets from a variety of network services may be stolen or the services spoofed. Potential Mitigations Restrict server socket address to known local addresses. Demonstrative Examples #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <unistd.h> #include <stdio.h> #include <arpa/inet.h> void bind_socket(void) { int server_sockfd; int server_len; struct sockaddr_in server_address; unlink("server_socket"); server_sockfd = socket(AF_INET, SOCK_STREAM, 0); server_address.sin_family = AF_INET; server_address.sin_port = 21; server_address.sin_addr.s_addr = htonl(INADDR_ANY); server_len = sizeof(struct sockaddr_in); bind(server_sockfd, (struct sockaddr *) &s1,
server_len); Other Notes On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound width INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its udp packets/tcp connection. Relationships
Taxonomy Mappings
Applicable Platforms Languages All Time of Introduction  Architecture and Design Implementation OperationContent History Submissions Anonymous Tool Vendor (under NDA). (Externally Mined) Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings Previous Entry Names Multiple Binds to Same Port (changed 2008-04-11) |
|
|
|||
