[Forgot Password]
Login  Register Subscribe

24128

 
 

131615

 
 

112965

 
 

909

 
 

88036

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Multiple Binds to the Same Port

ID: 605Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation
  • Operation

Common Consequences

ScopeTechnical ImpactNotes
Confidentiality
Integrity
 
Read application data
 
Packets from a variety of network services may be stolen or the services spoofed.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Policy
 
 Restrict server socket address to known local addresses.
 
  

Relationships

Related CWETypeViewChain
CWE-605 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples   (Details)

  1. This code binds a server socket to port 21, allowing the server to listen for traffic on that port.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
Anonymous Tool Vendor (under NDA)  
 
 

References:
None

© SecPod Technologies