[2500] in bugtraq
Re: bind() Security Problems
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Feb 2 19:44:55 1996
Date: Fri, 2 Feb 1996 11:28:31 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Casper Dik <casper@holland.Sun.COM>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: Your message of "Thu, 01 Feb 1996 11:49:33 GMT."
<E0thxWH-0006CP-00@bescot.cl.cam.ac.uk>
>I am not on any of these security lists but I have just been forwarded this
>alert about bind().
>
>This is a "feature" of IP Multicast support. I reported this bug in November
>1993 on the IP Multicast workers mailing list, and directly to Steeve Deering.
I'm not sure if this is a correct attriobution of the origin of the problem.
The problem exists in some form or other in SunOS 4.1.x for both
TCP and UDP (binding to a more specific address works even if there's
a listener on the wildcard address as long as you specify SO_REUSEADDR
on the second bind)
SunOS 4.1.x has no multicast support nor is there any multicast support
for TCP.
Casper
