CWE-605: Multiple Binds to the Same Port

Description

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

Submission Date :

May 7, 2007, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.

Example Vulnerable Codes

Example - 1

This code binds a server socket to port 21, allowing the server to listen for traffic on that port.


// /*unlink the socket if already bound to avoid an error when bind() is called*/// 
int server_sockfd;int server_len;struct sockaddr_in server_address;unlink("server_socket");server_sockfd = socket(AF_INET, SOCK_STREAM, 0);server_address.sin_family = AF_INET;server_address.sin_port = 21;server_address.sin_addr.s_addr = htonl(INADDR_ANY);server_len = sizeof(struct sockaddr_in);bind(server_sockfd, (struct sockaddr *) &s1, server_len);void bind_socket(void) {}

This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 21, 2024 23:03