Bugtraq mailing list archives
Re: Bug Serious problem in NEC SOCKS server
From: xomox () BORIS EDEN COM (Matt Bush)
Date: Fri, 9 May 1997 14:52:15 -0500
The following bug is present at *least* in Socks5 beta-0.17.2 from NEC. Other versions haven't been tested, but they are most likely vulnerable as well
[ ... ]
Workarounds: * Use mktemp to generate a unique temp file name and redirect socks to that * The source is available, recompile *without* PID file support * Create /tmp/socks5.pid (as root) and make sure that ordinary users can't remove it
Or, better yet, write the pidfile in a non-sticky directory, such as /var/run (on bsd systems).
Trevor Schroeder tschroed () cheetah wsc edu
-Matt
Current thread:
- Irix: misc Yuri Volobuev (May 07)
- Re: Irix: misc J.A. Gutierrez (May 08)
- Re: Irix: misc Jaechul Choe (May 08)
- SGI Security Advisory 19961203-02-PX - IRIX netprint Program SGI Security Coordinator (May 08)
- Bug Serious problem in NEC SOCKS server Trevor Schroeder (May 09)
- Re: Bug Serious problem in NEC SOCKS server Matt Bush (May 09)
- Windows 95/NT DoS myst (May 09)
- More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps Joe Zbiciak (May 10)
- Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps kevin brintnall (May 10)
- Re: Windows 95/NT DoS Albert Siersema (May 10)
- Re: Windows 95/NT DoS DiGennaro (May 10)
- Re: Windows 95/NT DoS Alan Cox (May 11)
- OOB Quick Fix Aleph One (May 10)
- Microsoft PowerPoint Security Fix Aleph One (May 10)
- Re: Windows 95/NT DoS Mikael Brandstrom (May 10)