Corgea LogoCorgea Security Hub

CWE-605: Multiple Binds to the Same Port

Learn about CWE-605 (Multiple Binds to the Same Port), its security impact, exploitation methods, and prevention guidelines.

What is Multiple Binds to the Same Port?

• Overview: Multiple Binds to the Same Port occurs when multiple sockets are allowed to bind to the same network port, potentially leading to service hijacking or spoofing.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by binding to a port already in use by a legitimate service, intercepting or hijacking communication intended for the legitimate service.
  • Common attack patterns include using the SO_REUSEADDR socket option to bind to a port used by another process, especially in cases where INADDR_ANY is used.

• Security Impact:

  • Direct consequences include unauthorized interception or hijacking of data intended for the legitimate service.
  • Potential cascading effects involve disruption of service availability, data integrity issues, and unauthorized data access.
  • Business impact could involve loss of trust, data breaches, and potential legal ramifications due to unauthorized data access.

• Prevention Guidelines:

  • Specific code-level fixes include avoiding the use of SO_REUSEADDR when binding sockets unless absolutely necessary and ensuring that only one service binds to a given port.
  • Security best practices involve implementing strict access controls, using non-standard port assignments, and monitoring port activity.
  • Recommended tools and frameworks include using network security tools to monitor for suspicious port activity and employing firewalls to restrict unauthorized port access.
Corgea can automatically detect and fix Multiple Binds to the Same Port in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import socket

def bind_socket(port):
    server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # Allows address reuse
    server_socket.bind(('localhost', port))  # Binds to the specified port
    server_socket.listen(5)
    print(f"Server listening on port {port}")
    return server_socket

# Attempting to bind to the same port in another function
def another_bind_attempt(port):
    another_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    another_socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # Again allows address reuse
    another_socket.bind(('localhost', port))  # Attempts to bind to the same port
    another_socket.listen(5)
    print(f"Another bind attempt on port {port}")

# Simulating the vulnerable scenario
server_socket = bind_socket(8080)
another_bind_attempt(8080)

Explanation of Vulnerability:

  • The code uses socket.SO_REUSEADDR, which allows multiple sockets to bind to the same port. This can lead to multiple services mistakenly thinking they are listening on the same port.
  • This can result in service hijacking or spoofing, where an unauthorized service intercepts or steals connections intended for the legitimate service.

How to fix Multiple Binds to the Same Port?

To fix this issue:

  1. Avoid using SO_REUSEADDR for binding sockets unless absolutely necessary and properly managed. This option can lead to security issues if misunderstood.
  2. Ensure the application logic does not attempt to bind multiple sockets to the same port unless explicitly required and properly managed.
  3. Implement error handling to detect and log when attempts to bind to an already used port are made, ensuring these cases are properly managed.

Fixed Code Example

import socket

def bind_socket(port):
    server_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Do not set SO_REUSEADDR to prevent multiple bindings
    server_socket.bind(('localhost', port))
    server_socket.listen(5)
    print(f"Server listening on port {port}")
    return server_socket

def another_bind_attempt(port):
    try:
        another_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Avoid using SO_REUSEADDR to prevent unintentional port sharing
        another_socket.bind(('localhost', port))  # This will raise an error if the port is already in use
        another_socket.listen(5)
        print(f"Another bind attempt on port {port}")
    except socket.error as e:
        print(f"Error: Could not bind to port {port}: {e}")

# Simulating the fixed scenario
server_socket = bind_socket(8080)
another_bind_attempt(8080)

Explanation of Fix:

  • Removed the SO_REUSEADDR option to prevent multiple sockets from binding to the same port.
  • Added error handling in another_bind_attempt to catch and log binding errors, ensuring any attempt to bind to an already used port is detected and managed properly.
  • This fix ensures that only one socket can bind to a given port at a time, mitigating the risk of service hijacking or spoofing.
Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-605: Multiple Binds to the Same Port and get remediation guidance

Start for free and no credit card needed.