Bugtraq mailing list archives

Re: Bug Serious problem in NEC SOCKS server

From: xomox () BORIS EDEN COM (Matt Bush)
Date: Fri, 9 May 1997 14:52:15 -0500


The following bug is present at *least* in Socks5 beta-0.17.2 from NEC.  Other
versions haven't been tested, but they are most likely vulnerable as well

[ ... ]


Workarounds:

* Use mktemp to generate a unique temp file name and redirect socks to that
* The source is available, recompile *without* PID file support
* Create /tmp/socks5.pid (as root) and make sure that ordinary users can't
remove it

Or, better yet, write the pidfile in a non-sticky directory, such
as /var/run (on bsd systems).

Trevor Schroeder                    tschroed () cheetah wsc edu


  -Matt

Current thread:

Irix: misc Yuri Volobuev (May 07)
- Re: Irix: misc J.A. Gutierrez (May 08)
- Re: Irix: misc Jaechul Choe (May 08)
- SGI Security Advisory 19961203-02-PX - IRIX netprint Program SGI Security Coordinator (May 08)
- Bug Serious problem in NEC SOCKS server Trevor Schroeder (May 09)
  - Re: Bug Serious problem in NEC SOCKS server Matt Bush (May 09)
  - Windows 95/NT DoS myst (May 09)
    - More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps Joe Zbiciak (May 10)
    - Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps kevin brintnall (May 10)
    - Re: Windows 95/NT DoS Albert Siersema (May 10)
    - Re: Windows 95/NT DoS DiGennaro (May 10)
    - Re: Windows 95/NT DoS Alan Cox (May 11)
    - OOB Quick Fix Aleph One (May 10)
    - Microsoft PowerPoint Security Fix Aleph One (May 10)
    - Re: Windows 95/NT DoS Mikael Brandstrom (May 10)
- Another bug in Explorer Aleph One (May 09)

(Thread continues...)