Bugtraq mailing list archives

Re: bind() Security Problems

From: casper () holland Sun COM (Casper Dik)
Date: Fri, 2 Feb 1996 11:28:31 +0100

I am not on any of these security lists but I have just been forwarded this
alert about bind().

This is a "feature" of IP Multicast support. I reported this bug in November
1993 on the IP Multicast workers mailing list, and directly to Steeve Deering.



I'm not sure if this is a correct attriobution of the origin of the problem.

The problem exists in some form or other in SunOS 4.1.x for both
TCP and UDP (binding to a more specific address works even if there's
a listener on the wildcard address as long as you specify SO_REUSEADDR
on the second bind)

SunOS 4.1.x has no multicast support nor is there any multicast support
for TCP.

Casper

Current thread:

Re: bind() Security Problems, (continued)
- - - Re: bind() Security Problems Baba Z Buehler (Feb 05)
    - passwd command in AIX 4.1.4 Dave Roberts (Feb 05)
    - Re: passwd command in AIX 4.1.4 Chris Burris (Feb 05)
    - Re: passwd command in AIX 4.1.4 JaDe (Feb 05)
    - CGI security: Escape newlines. Jennifer Myers (Feb 05)
    - Re: CGI security: Escape newlines. Dave Andersen (Feb 05)
    - Re: CGI security: Escape newlines. Fred Cohen (Feb 06)
    - [Fwd: HTTPd 1.5a Security Hole!!! (fwd)] Rogue Agent (Feb 06)
  - abuse Red Hat 2.1 security hole David J Meltzer (Feb 02)
  - resizecons Red Hat 2.1 security hole David J Meltzer (Feb 02)
- Re: bind() Security Problems Casper Dik (Feb 02)
- Re: bind() Security Problems Alan Cox (Feb 01)