Vulnerability Development mailing list archives
Re: Exploiting any network protocol with secondary datachannelsopened from the server
From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Wed, 5 Apr 2000 10:53:35 +0200
Ralf-Philipp Weinmann wrote:
> On Sun, 19 Mar 2000, Mikael Olsson wrote:
> > If you're allowed to issue "bind(socket,sockaddr);" equivalent requests in Java, you can loop requests from local ports 0 to 65535 and see which ones you are NOT allowed to bind.
>
> java.net.ServerSocket(portnumber) can be used for bind()ing a port.
> [snip]
> I just tested it and it works (Netscape 4.0x under linux).

I finally got hold of a java compiler and compiled your sources. Tested under MSIE 4 and 5 (Java VM v4.7x and v5.00 respectively) but they refused any ServerSocket() operation - throws SecurityException as soon as I try to create the socket.

Netscape 4.6 and 4.7 under WinNT happily allows creation of the ServerSockets as long as they are 1024 or higher, but they never fail (i.e. it looks like there are no open ports). I don't know why yet. Either it simply does not bind the port, or maybe it hijacks bindings previous apps have done, that is, setsockopt(SO_REUSEADDR) equivalent. If it's the latter, it's somewhat bad but in a different way :-)

Did you actually find any open ports in your testing under linux?

/Mike

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 105 50 Fax: +46 (0)660 122 50
Mobile: +46 (0)70 66 77 636
WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
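
The message above asks whether a bind that never fails means the port is not really bound or means an existing binding is being shared. The following sketch is an added example, not code from this thread; it checks both cases on the local machine. The class name `BindProbe`, the `Result` enum and the loopback listener used as a fixture are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;

public class BindProbe {
    enum Result { FREE, IN_USE, DENIED }

    // Try to bind a listening socket to the port on loopback and classify the outcome.
    static Result probe(int port, boolean reuseAddr) throws IOException {
        try (ServerSocket s = new ServerSocket()) {   // unbound, so the option is set before bind
            s.setReuseAddress(reuseAddr);             // SO_REUSEADDR on or off
            s.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), port));
            return Result.FREE;                       // bind accepted
        } catch (BindException e) {
            return Result.IN_USE;                     // the stack refused: address already in use
        } catch (SecurityException e) {
            return Result.DENIED;                     // a security manager blocked the listen
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed fixture: a listener we own, on a port chosen by the OS.
        ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
        int port = listener.getLocalPort();

        // While the listener is up, FREE here means the runtime let a second
        // socket share the binding; IN_USE means bind failure is a usable signal.
        System.out.println("listener up,   reuse off: " + probe(port, false));
        System.out.println("listener up,   reuse on:  " + probe(port, true));

        listener.close();
        // Control case: with the listener closed the same probe should no longer be refused.
        System.out.println("listener down, reuse off: " + probe(port, false));
    }
}
```

The results depend on the operating system and the Java runtime, so the program reports what it observes rather than assuming an outcome.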