Vulnerability Development mailing list archives
Re: Exploiting any network protocol with secondary data channels opened from the server
From: hdm () SECUREAUSTIN COM (H D Moore)
Date: Sun, 19 Mar 2000 22:37:17 -0600
Ralf-Philipp Weinmann wrote:
> java.net.ServerSocket(portnumber) can be used for bind()ing a port. I haven't checked whether you can use this class in an applet however or whether the security manager successfully blocks this route. Note however that you should only be able to bind ports between 1024 and 65535 on un*x boxes (winblows boxes don't have reserved ports).
>
> OK. I just tested it and it works (Netscape 4.0x under linux). Bad bad bad. Source code is attached.
>
> This of course leads me to even nastier thoughts about what can be done with ServerSocket since it also allows binding to a specific address (interface) - which makes things interesting under Solaris for example.
Could this applet be used to relay connections to an internal network? Say your target is a dual-homed machine and your applet binds to the external interface and then forwards connections to an internal address. Is this possible?

-HD