Date:      Wed, 31 Jan 1996 10:54:27 -0800
From:      Paul Traina <pst@cisco.com>
To:        security@freebsd.org, wollman@freebsd.org
Subject:   [cisco.external.bugtraq] Re: BoS: bind() Security Problems
Message-ID:  <199601311854.KAA05100@puli.cisco.com>

Yuck, I hate to think of what we're going to break when we fix this, but
we should definitely fix this, otherwise users can hose NFS & friends.

Paul

p.s. I haven't looked at our code yet to verify this bug.

------- Forwarded Message

From: Bernd.Lehle@rus.uni-stuttgart.de (Bernd Lehle)
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
Newsgroups: cisco.external.bugtraq
Subject: Re: BoS: bind() Security Problems
Date: 31 Jan 1996 04:18:29 PST
Organization: Internet-USENET Gateway at cisco Systems
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

>
>
>               System Call: bind()
>   Affected Operating System: Linux, SunOS, FreeBSD, BSDI, Ultrix
>                            Probably others.
>               Requirement: account on system.
>       Security Compromise: Stealing packets from
>                            nfsd, yppasswd, ircd, etc.
>                   Credits: *Hobbit* <hobbit@avian.org>
>                            bitblt <bitblt@infosoc.com>
>                            Aleph One <aleph1@underground.org>
>                  Synopsis: bind() does not properly check
>                            to make sure there is not a socket
>                            already bound to INADDR_ANY on the same
>                            port when binding to a specific address.
>

IRIX 5.3 is vulnerable, too.

> Exploit:
[..]
> Run netcat:
>
> w00p% nc -v -v -u -s 192.88.209.5 -p 2049
> listening on [192.88.209.5] 2049 ...

To take a look at irc packets: nc -v -v -l -s Your.IP.Adress -p 6667

--
> Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
>       Visualization / SFB 382 / Astrophysics       *  is a machine   <
> lehle@rus.uni-stuttgart.de   Tel:+49-711-685-5531  *  that runs an   <
>   http://www.tat.physik.uni-tuebingen.de/~lehle    *  endless loop   <
>  pgp? -> finger bernd@visbl.rus.uni-stuttgart.de   *  in 2 seconds   <

------- End of Forwarded Message
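
Added example, not part of the original e-mails or of any project's code: a defender-side check for the condition the quoted synopsis describes, a socket bound to a specific address on a port that another user already holds on INADDR_ANY. The socket-table format, the `find_shadowed_binds` name and every sample row are constructed for illustration; adapt the parser to whatever your platform's socket listing actually prints.

```python
from collections import defaultdict

WILDCARD = {"0.0.0.0", "*"}  # spellings of INADDR_ANY in the assumed table format

# Constructed sample socket table (not real tool output).
# Columns: proto  local_addr:port  uid  command
SAMPLE = """\
udp 0.0.0.0:2049 0 nfsd
udp 192.0.2.5:2049 1001 nc
tcp 0.0.0.0:6667 65534 ircd
tcp 192.0.2.5:6667 65534 ircd
udp 0.0.0.0:111 0 portmap
tcp 192.0.2.5:8080 1001 httpd
"""

def parse(table):
    """Yield (proto, addr, port, uid, command) for each non-empty, non-comment row."""
    for line in table.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        proto, local, uid, cmd = line.split(None, 3)
        addr, _, port = local.rpartition(":")
        yield proto, addr, int(port), int(uid), cmd

def find_shadowed_binds(table):
    """Report specific-address binds that overlap a wildcard bind owned by another uid."""
    wild = {}                     # (proto, port) -> (uid, command) of the wildcard owner
    specific = defaultdict(list)  # (proto, port) -> [(addr, uid, command), ...]
    for proto, addr, port, uid, cmd in parse(table):
        if addr in WILDCARD:
            wild[(proto, port)] = (uid, cmd)
        else:
            specific[(proto, port)].append((addr, uid, cmd))
    findings = []
    for (proto, port), (w_uid, w_cmd) in sorted(wild.items()):
        for addr, uid, cmd in specific.get((proto, port), []):
            # Same-uid overlap is usually one daemon listening per interface: skip it.
            if uid != w_uid:
                findings.append((proto, port, f"{w_cmd}(uid {w_uid})",
                                 addr, f"{cmd}(uid {uid})"))
    return findings

if __name__ == "__main__":
    for f in find_shadowed_binds(SAMPLE):
        print("overlap: %s port %d: wildcard %s shadowed on %s by %s" % f)
```
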


