CWE-605 对同一端口的多重绑定
Multiple Binds to the Same Port
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.
扩展描述
On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 675 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 666 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Confidentiality', 'Integrity'] | Read Application Data | Packets from a variety of network services may be stolen or the services spoofed. |
可能的缓解方案
Policy
策略:
Restrict server socket address to known local addresses.
示例代码
例
This code binds a server socket to port 21, allowing the server to listen for traffic on that port.
bad C
int server_sockfd;
int server_len;
struct sockaddr_in server_address;
/unlink the socket if already bound to avoid an error when bind() is called/
unlink("server_socket");
server_sockfd = socket(AF_INET, SOCK_STREAM, 0);
server_address.sin_family = AF_INET;
server_address.sin_port = 21;
server_address.sin_addr.s_addr = htonl(INADDR_ANY);
server_len = sizeof(struct sockaddr_in);
bind(server_sockfd, (struct sockaddr *) &s1, server_len);
This code may result in two servers binding a socket to same port, thus receiving each other's traffic. This could be used by an attacker to steal packets meant for another process, such as a secure FTP server.
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP32 | Multiple binds to the same port |