Vulnerability Development mailing list archives

Re: FreeBSD listen()


From: poptix () POPTIX NET (Matthew S. Hallacy)
Date: Sat, 30 Oct 1999 18:22:39 -0500


On Thu, 28 Oct 1999, CyberPsychotic wrote:

~ :This fact causes problems. Some applications (for example an ftp server in
~ :passive mode or an ftp client in active mode) use
~ :listen(data, 1);
~ :accept(data,...);
~ :close(data);
~ :to limit the number of incoming data connections to exactly one. If a
~ :second connection is not rejected, it makes possible an attack to inject
~ :or intercept data between server and client, as described in the NAI
~ :bulletin

That is an ftp daemon/client (depending on whether it's active or passive
mode), which should take care of accepting only a single connection and only
from the proper source (which is surprisingly being ignored by some daemons,
such as ncftpd, for example).
Some programs, such as fxp, rely on this kind of behaviour. While I agree
that there should be checking, we don't want to break good programs ...

However, even ncftpd closes all the incoming
connections to the port once the first one has been accepted. The same goes
for my ftp client (shipped with r.h. 6.0). So I don't think there are any
security issues, except syn-flooding, involved here.
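
The check discussed above (take one data connection, stop listening, keep it only if it comes from the control-connection peer), as an added example in C that is not part of the original post. `accept_data_from`, `demo` and the loopback setup are hypothetical names and constructed input; a source check this strict also refuses the FXP-style transfers mentioned in the message.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Accept one data connection, stop listening at once, and keep it only if
 * it comes from the control-connection peer. Returns the socket or -1. */
int accept_data_from(int lfd, const struct in_addr *control_peer)
{
    struct sockaddr_in peer;
    socklen_t len = sizeof(peer);
    int fd = accept(lfd, (struct sockaddr *)&peer, &len);
    close(lfd);        /* the backlog of 1 did not cap connections; this does */
    if (fd < 0) return -1;
    if (peer.sin_family != AF_INET ||
        peer.sin_addr.s_addr != control_peer->s_addr) {
        close(fd);     /* wrong source address: drop it */
        return -1;
    }
    return fd;
}

/* Constructed loopback harness (an assumption, not from the thread).
 * Returns bit 0 = data connection kept, bit 1 = a later connect was
 * refused, or -1 on setup failure. */
int demo(const char *control_peer_ip)
{
    struct sockaddr_in a;
    struct in_addr want;
    socklen_t len = sizeof(a);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    int c1 = socket(AF_INET, SOCK_STREAM, 0), c2 = socket(AF_INET, SOCK_STREAM, 0);
    int fd, result;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks one */
    if (inet_pton(AF_INET, control_peer_ip, &want) != 1 ||
        bind(lfd, (struct sockaddr *)&a, len) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&a, &len) < 0 ||
        connect(c1, (struct sockaddr *)&a, len) < 0)
        return -1;
    fd = accept_data_from(lfd, &want);
    result = (fd >= 0) | ((connect(c2, (struct sockaddr *)&a, len) < 0) << 1);
    if (fd >= 0) close(fd);
    close(c1); close(c2);
    return result;
}

int main(void) { return demo("127.0.0.1") == 3 ? 0 : 1; }
```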


