CWE-605

Multiple Binds to the Same Port

AI Translation Available

When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed.

Status

draft

Abstraction

variant

Affected Platforms

Extended Description

AI Translation

On most systems, a combination of setting the SO_REUSEADDR socket option, and a call to bind() allows any process to bind to a port to which a previous process has bound with INADDR_ANY. This allows a user to bind to the specific address of a server bound to INADDR_ANY on an unprivileged port, and steal its UDP packets/TCP connection.

Technical Details

AI Translation

Common Consequences

confidentiality integrity

Impacts

read application data

Detection Methods

automated static analysis

Potential Mitigations

Phases:

policy

Descriptions:

• Restrict server socket address to known local addresses.

AI Generated Translation

Common Consequences

riservatezza integrità

Impacts

leggere dati applicazione

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

politiche

Descriptions:

• Limitare l'indirizzo del socket del server a indirizzi locali noti.

CWE-605

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter