Bugtraq: Re: Bug Serious problem in NEC SOCKS server

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Bug Serious problem in NEC SOCKS server

From: xomox () BORIS EDEN COM (Matt Bush)
Date: Fri, 9 May 1997 14:52:15 -0500


The following bug is present at *least* in Socks5 beta-0.17.2 from NEC.  Other
versions haven't been tested, but they are most likely vulnerable as well

[ ... ]


Workarounds:

* Use mktemp to generate a unique temp file name and redirect socks to that
* The source is available, recompile *without* PID file support
* Create /tmp/socks5.pid (as root) and make sure that ordinary users can't
remove it

Or, better yet, write the pidfile in a non-sticky directory, such
as /var/run (on bsd systems).

Trevor Schroeder                    tschroed () cheetah wsc edu


  -Matt

By Date By Thread

Current thread:

Irix: misc Yuri Volobuev (May 07)
- Re: Irix: misc J.A. Gutierrez (May 08)
- Re: Irix: misc Jaechul Choe (May 08)
- SGI Security Advisory 19961203-02-PX - IRIX netprint Program SGI Security Coordinator (May 08)
- Bug Serious problem in NEC SOCKS server Trevor Schroeder (May 09)
  - Re: Bug Serious problem in NEC SOCKS server Matt Bush (May 09)
  - Windows 95/NT DoS myst (May 09)
    - More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps Joe Zbiciak (May 10)
    - Re: More buffer overrun crap -- Solaris 2.5.1 /usr/bin/ps kevin brintnall (May 10)
    - Re: Windows 95/NT DoS Albert Siersema (May 10)
    - Re: Windows 95/NT DoS DiGennaro (May 10)