|
Bugtraq
mailing list archives
Bug Serious problem in NEC SOCKS server
From: tschroed () CHEETAH WSC EDU (Trevor Schroeder)
Date: Fri, 9 May 1997 11:26:19 -0500
The following bug is present at *least* in Socks5 beta-0.17.2 from NEC. Other
versions haven't been tested, but they are most likely vulnerable as well
From the manpage:
SOCKS5_PIDFILE
Identifies the filename that stores the socks5 process ID when the
port is a port other than 1080. When you use port 1080, socks5
stores the PID in /tmp/socks5.pid. When you run socks5 on a port
other than 1080, socks5 stores the PID in /tmp/socks5.(port).pid
unless you specify an alternate filename with SOCKS5_PIDFILE.
If /tmp/socks5.pid doesn't exist, it is simply a matter of linking the
password file to /tmp/socks5.pid (or whatever it's called on your system).
When socks starts up, it happily overwirtes the file's previous contents with
the PID of the new socks server.
Workarounds:
* Use mktemp to generate a unique temp file name and redirect socks to that
* The source is available, recompile *without* PID file support
* Create /tmp/socks5.pid (as root) and make sure that ordinary users can't
remove it
____________________________________________________________
"One unerring mark of the love of truth is not entertaining
any propositions with greater assurance than the proofs it
is built upon will warrant" -- John Locke, 1690
Trevor Schroeder tschroed () cheetah wsc edu
------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
