CWE-605: Multiple Binds to the Same Port
Description
When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.
Submission Date :
May 7, 2007, midnight
Modification Date :
2023-10-26 00:00:00+00:00
Organization :
MITRE
Extended Description
On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.
Example - 1
This code binds a server socket to port 21, allowing the server to listen for traffic on that port. This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
// /*unlink the socket if already bound to avoid an error when bind() is called*///
int server_sockfd;int server_len;struct sockaddr_in server_address;unlink("server_socket");server_sockfd = socket(AF_INET, SOCK_STREAM, 0);server_address.sin_family = AF_INET;server_address.sin_port = 21;server_address.sin_addr.s_addr = htonl(INADDR_ANY);server_len = sizeof(struct sockaddr_in);bind(server_sockfd, (struct sockaddr *) &s1, server_len);void bind_socket(void) {}
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.