Re: FreeBSD listen()
3APA3A (3APA3A SECURITY.NNOV.RU)
Fri, 29 Oct 1999 13:13:10 +0400
Hello David Schwartz,
29.10.1999 0:13, you wrote: FreeBSD listen();
D> It makes no sense at all to use the listen backlog as any sort of security
D> mechanism. If you only wish to accept one connection, only call 'accept'
D> once.
accept() just allocates a socket for a connection that is already
established and removes this connection from the queue. It works just like
getchar() works with keyboard input. Calling accept() once doesn't
assure you that only one connection is established - like calling
getchar() once doesn't assure you that only one symbol is entered by
the user.
>> http://www.nai.com/nai_labs/asp_set/advisory/ftp-paper.asp
D> This is about authentication. It has nothing to do with the number of
D> connections.
This one is about FTP vulnerabilities. I disagree with this paper on
many things, but it shows how vulnerabilities can be exploited. I found
this problem by myself while testing my Windows NT FTP server behind a
firewall... And I wrote this program to test NT (it works just like
DoS but doesn't let some data to be intersected) but I "discovered" it
perfectly working against BSD. I was surprised and reported it to bugtraq.
Aleph One gave me the NAI URL. Making some workaround about this problem I
found some differences from NAI - the problem is strongly system
dependent, so it seems like an OS weakness, not an FTP protocol weakness, and
that the BSD ftp client is vulnerable, in spite of NAI's claim that it isn't.
That's why I want to discuss this problem again.
>> and realized in exploit posted to Vuln-dev, see
>>
>> http://www.securityfocus.com/templates/archive.pike?list=82&date=1999-10-15&msg=9628.991015 SECURITY.NNOV.RU
D> This is about active versus passive FTP. It has nothing to do with listen
D> backlogs or connection counts.
It works in FreeBSD just because of this problem.
D> DS
"3APA3A" <WWW.SECURITY.NNOV.RU>
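The accept() behaviour described in the message above, as an added example that is not part of the original post: the kernel completes TCP handshakes into the listen queue on its own, so a single accept() call leaves the other connections established. The function name `queued_after_one_accept` and the loopback setup are assumptions made for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns how many connections are still fully established and queued
 * after the server has called accept() exactly once; -1 on error.
 * Keep nclients <= backlog so the blocking connect() calls cannot stall. */
int queued_after_one_accept(int backlog, int nclients)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    struct pollfd pfd;
    int clients[64], i, c, left = 0, ls;

    if (nclients < 1 || nclients > 64) return -1;
    if ((ls = socket(AF_INET, SOCK_STREAM, 0)) < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                      /* kernel picks a free port */
    if (bind(ls, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(ls, backlog) < 0 ||
        getsockname(ls, (struct sockaddr *)&sa, &len) < 0) { close(ls); return -1; }

    /* Every handshake completes here, before accept() is ever called. */
    for (i = 0; i < nclients; i++) {
        clients[i] = socket(AF_INET, SOCK_STREAM, 0);
        if (clients[i] < 0 ||
            connect(clients[i], (struct sockaddr *)&sa, sizeof sa) < 0) return -1;
    }

    if ((c = accept(ls, NULL, NULL)) < 0) return -1;   /* the single accept() */
    close(c);

    /* Count what that one accept() left behind in the queue. */
    pfd.fd = ls;
    pfd.events = POLLIN;
    while (poll(&pfd, 1, 200) > 0 && (c = accept(ls, NULL, NULL)) >= 0) {
        left++;
        close(c);
    }
    for (i = 0; i < nclients; i++) close(clients[i]);
    close(ls);
    return left;
}
```

A server that wants exactly one peer therefore has to close the listening socket after its accept(), or keep accepting and drop the extra connections; calling accept() once does neither.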
This archive was generated by hypermail 2.0b3 on Sat Oct 30 1999 - 16:23:16 CDT