[Mono-dev] Potential security problem on EndPointManager.cs

정연운(Jung, Yeonwoon) flow3r at gmail.com
Sat Mar 24 13:38:43 UTC 2012


While i was working on my project, i found a problem that HttpChannel class
doesn't take IP from 'bindTo' property well. HttpChannel internally uses
HttpListener. so i wrote simple test application like below:

static void Main(string[] args)
HttpListener listener = new HttpListener();

Console.WriteLine("Press return to quit...");


I expect it opens 9999 port with specified IP binding, but
netstat -anp | grep :9999 show the following result:

root at test-vm:~/mono- netstat -anp | grep :9999
tcp        0      0*               LISTEN

Of course, MS .NET runtime lib works as expected:

C:\Users\yeonwoon>netstat -an | findstr :9999
  TCP              LISTENING

As you might know, this could be a potential vulnerability in term of
network security. If someone opens port on their machine with multiple
network interfaces combined with public/private IPs, even the person
restricted biding for private network on purpose, mono runtime doesn't bind
IP address as expected. As a result, the port is available on public
network as well.

i already sent a request of pulling on
pls review and take it.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20120324/a060d74c/attachment.html>

More information about the Mono-devel-list mailing list