[Mono-dev] Potential security problem on EndPointManager.cs
정연운(Jung, Yeonwoon)
flow3r at gmail.com
Sat Mar 24 13:38:43 UTC 2012
Hi,
While i was working on my project, i found a problem that HttpChannel class
doesn't take IP from 'bindTo' property well. HttpChannel internally uses
HttpListener. so i wrote simple test application like below:
static void Main(string[] args)
{
HttpListener listener = new HttpListener();
listener.Prefixes.Add(String.Format("http://127.0.0.1:9999/");
listener.Start();
Console.WriteLine("Press return to quit...");
Console.ReadLine();
listener.Stop();
}
I expect it opens 9999 port with specified IP binding, 127.0.0.1. but
netstat -anp | grep :9999 show the following result:
root at test-vm:~/mono-2.10.8.1# netstat -anp | grep :9999
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN
15300/mono
Of course, MS .NET runtime lib works as expected:
C:\Users\yeonwoon>netstat -an | findstr :9999
TCP 127.0.0.1:9999 0.0.0.0:0 LISTENING
As you might know, this could be a potential vulnerability in term of
network security. If someone opens port on their machine with multiple
network interfaces combined with public/private IPs, even the person
restricted biding for private network on purpose, mono runtime doesn't bind
IP address as expected. As a result, the port is available on public
network as well.
i already sent a request of pulling on
github<https://github.com/mono/mono/pull/256>,
pls review and take it.
--
Yeonwoon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ximian.com/pipermail/mono-devel-list/attachments/20120324/a060d74c/attachment.html>
More information about the Mono-devel-list
mailing list