Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-1999-1402

Publish Date: 19 Jun 1997

                							

                source: http://www.securityfocus.com/bid/456/info


Solaris 2.6 and many other unices/clones have a serious problem with their unix domain socket implementation that has it's origins in old BSD code. Any unix socket created by any application is set mode 4777. In Solaris versions 2.5 and earlier, the permissions were ignored completely. The applications are vulnerable to being connected to and written to by anyone. This could lead to a whole number of application-specific security compromises. 

Here is some sample code (by Nirva):

#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;sys/un.h&gt;
#include &lt;sys/socket.h&gt;

main(int argc, char *argv[])
{
struct sockaddr_un addr;
int s;

s = socket(AF_UNIX, SOCK_STREAM, 0);

bzero(&amp;addr, sizeof(addr));
addr.sun_family = AF_UNIX;
strcpy(addr.sun_path, "/tmp/yoursocket");
if (bind(s, (struct sockaddr *)&amp;addr, sizeof(addr)) &lt; 0) {
perror("bind");
exit(1);
}
sleep(100);

exit(0);
}

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

FreeBSD 3.1 / Solaris 2.6 - Domain Socket

Vulmon Search

About

Products

Connect