Hosting Provided By

Insecurities in Non-exclusive Scoket Binding

From: Firosh Ummer <firosh.ummer(at)paladion.net>
Date: Sun Mar 09 2003 - 23:18:51 EST

('binary' encoding is not supported, stored as-is)

All,

I've written a paper on the risks in non-exclusive socket binding, and how developers can mitigate the risks. Using MySQL as an illustration, the paper discusses how attackers could potentially hijack sockets bound by a higher privilged process, and inject commands in the stream. This is a local privilege escalation attack, and is easier to do than one would imagine.

Link to the paper: http://www.paladion.net/papers/socketbinding.pdf

Socket hijacking itself is not new - it has been cited in several sources on the net. What I find disturbing is how easy it is for an attacker to hijack a privileged connection and then insert privileged commands, running with very low privileges.

Would appreciate any feedback/suggestions on improving the paper.

Thanks & regards,
Firosh

Firosh Ummer
Paladion Networks
www.paladion.net Received on Mon Mar 10 13:02:28 2003

This message: [ Message body ]
Next message: Jeremy Epstein: "RE: Some questions on DES Encryption..."
Previous message: Kryptik Logik: "Some questions on DES Encryption..."
Next in thread: Marc Slemko: "Re: Insecurities in Non-exclusive Scoket Binding"
Reply: Marc Slemko: "Re: Insecurities in Non-exclusive Scoket Binding"
Reply: David Wagner: "Re: Insecurities in Non-exclusive Scoket Binding"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:46 EDT

Do you need help?