[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Multiple Binds to the Same Port

ID: 605Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation
  • Operation

Common Consequences

ScopeTechnical ImpactNotes
Confidentiality
Integrity
 
Read application data
 
Packets from a variety of network services may be stolen or the services spoofed.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Policy
 
 Restrict server socket address to known local addresses.
 
  

Relationships

Related CWETypeViewChain
CWE-605 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples   (Details)

  1. This code binds a server socket to port 21, allowing the server to listen for traffic on that port.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
Anonymous Tool Vendor (under NDA)  
 
 

References:
None

© 2013 SecPod Technologies