Do I need to recompile and/or re-link my applications that use the SmartSockets C client libraries?
Customer applications using the C client libraries are open to two attack vectors. Use of the standard SmartSockets messaging API exposes client applications to an attack via data injection. Use of the TipcConnAccept API entry point exposes applications to a direct TCP attack.
A data injection attack requires that an attacker be able to insert data in the TCP communication channel between the SmartSockets Server and a client application, altering the client-server wire protocol. Customers should evaluate their network control and access policies to determine the exposure to a data injection attack.
Customer applications using the TipcConnAccept API entry point (which allows a SmartSockets client to accept connections from another application, much as the RTserver does) are directly exposed to rogue client connections exploiting the client-to-client TCP connection. The exposure to this defect can be mitigated with a firewall that limits the peer hosts allowed to initiate a connection to