All,

I've written a paper on the risks in non-exclusive socket binding, and how developers can mitigate the risks. Using MySQL as an illustration, the paper discusses how attackers could potentially hijack sockets bound by a higher privileged process, and inject commands in the stream. This is a local privilege escalation attack, and is easier to do than one would imagine.

Link to the paper: http://www.paladion.net/papers/socketbinding.pdf

Socket hijacking itself is not new - it has been cited in several sources on the net. What I find disturbing is how easy it is for an attacker to hijack a privileged connection and then insert privileged commands, running with very low privileges.

Would appreciate any feedback/suggestions on improving the paper.

Thanks & regards,
Firosh

Firosh Ummer
Paladion Networks
www.paladion.net
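The post above talks about non-exclusive socket binding without showing the mechanics. The following is an added example, not code from the post or from the linked paper, that reproduces the two sides of the problem in Python: a listener created the weak way (wildcard address plus SO_REUSEADDR) versus the hardened way (specific address, no SO_REUSEADDR, and SO_EXCLUSIVEADDRUSE where the platform provides it, which is Windows), and a probe that does what a low-privilege local process would do, namely try to bind a second socket to the same port with SO_REUSEADDR set. The function names, the use of the loopback address and the choice of an ephemeral port are assumptions made for the example; whether the weak listener is actually stealable depends on the operating system's bind rules (Windows and the BSDs allow it, Linux refuses while the first socket is listening), which is exactly the platform caveat a developer should test for rather than assume.

```python
import errno
import socket
from contextlib import closing

# Assumed helper names for this example; not part of the paper or of MySQL.


def make_listener(host, port, exclusive):
    """Create a TCP listening socket in one of two styles.

    exclusive=False: the weak pattern. Bind the wildcard address with
    SO_REUSEADDR, so on platforms that honour it another local process
    can later bind the same port on a more specific address (or, on
    Windows, the very same address) and receive the connections.

    exclusive=True: the hardened pattern. Bind the specific address,
    never set SO_REUSEADDR on a privileged listener, and request
    SO_EXCLUSIVEADDRUSE where the platform offers it (Windows), which
    makes any later bind on that port fail outright.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if exclusive:
        if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):  # Windows only
            s.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
        s.bind((host, port))
    else:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("0.0.0.0", port))
    s.listen(5)
    return s


def port_is_hijackable(host, port):
    """Probe as an unprivileged local attacker would.

    Try to bind a second socket, with SO_REUSEADDR, to host:port while
    a listener already owns the port. Returns True if the bind succeeds
    (the port can be stolen) and False if the OS refuses it. EADDRINUSE
    is the usual refusal; Windows answers EACCES when the first socket
    was bound with SO_EXCLUSIVEADDRUSE.
    """
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        probe.bind((host, port))
        return True
    except OSError as e:
        refused = {errno.EADDRINUSE, errno.EACCES}
        # Winsock error names exist only on Windows builds of Python.
        for name in ("WSAEADDRINUSE", "WSAEACCES"):
            if hasattr(errno, name):
                refused.add(getattr(errno, name))
        if e.errno in refused:
            return False
        raise
    finally:
        probe.close()


def demo(exclusive, host="127.0.0.1"):
    """Bind a listener on an ephemeral port (port 0, chosen by the OS),
    then run the attacker's probe against that port and report whether
    it would have succeeded."""
    with closing(make_listener(host, 0, exclusive)) as srv:
        port = srv.getsockname()[1]
        return port_is_hijackable(host, port)


if __name__ == "__main__":
    print("weak listener hijackable on this OS:    ", demo(exclusive=False))
    print("hardened listener hijackable on this OS:", demo(exclusive=True))
```

Run it on each platform the service ships on: the hardened listener must report False everywhere, while the weak listener reports True on Windows and the BSDs and False on Linux only because Linux blocks the second bind while the first socket is listening, so a Linux-only test would give a false sense of safety.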
This archive was generated by hypermail 2b30 : Mon Mar 10 2003 - 10:02:21 PST