COMMAND

    socks5

SYSTEMS AFFECTED

    Systems running NEC's Socks5 beta-0.17.2

PROBLEM

    The following bug is present at *least* in Socks5 beta-0.17.2 from
    NEC.  Other versions haven't been tested, but they are most likely
    vulnerable as well.

    From the manpage:

     SOCKS5_PIDFILE
          Identifies the  filename that  stores the  socks5 process ID
          when the port is a port  other than 1080. When you use  port
          1080, socks5  stores the  PID in  /tmp/socks5.pid. When  you
          run socks5 on a port other than 1080, socks5 stores the  PID
          in /tmp/socks5.(port).pid  unless you  specify an  alternate
          filename with SOCKS5_PIDFILE.

    If /tmp/socks5.pid doesn't exist, it is simply a matter of linking
    the password file to /tmp/socks5.pid (or whatever it's called on
    your system).  When socks starts up, it happily overwrites the
    file's previous contents with the PID of the new socks server.

    Credit goes to Trevor Schroeder.

SOLUTION

    Use mktemp to generate a unique temp file name and point socks at
    it via SOCKS5_PIDFILE.  If the source is available, recompile
    *without* PID file support.  Alternatively, create /tmp/socks5.pid
    (as root) and make sure that ordinary users can't remove it.  Or,
    better yet, write the pidfile in a non-sticky directory, such as
    /var/run (on BSD systems).
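    As an added illustration (not part of this advisory or NEC's code), the
    pidfile writer below shows how a daemon can refuse the symlink trick
    described above: it opens with O_NOFOLLOW and verifies via fstat that
    the opened file is a regular file owned by the caller before truncating
    it.  The demo function plants a constructed symlink named socks5.pid in
    a scratch directory and checks that the link target is left intact.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the caller's PID to `path` without following symlinks.
 * Returns 0 on success, -1 on failure (errno set).  O_NOFOLLOW makes
 * open() fail with ELOOP if `path` is a symlink, so a link planted at
 * the pidfile path is refused instead of having its target truncated. */
int write_pidfile_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    struct stat st;
    /* Only accept a regular file we own; hard links to foreign files
     * would otherwise still slip through. */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd); errno = EPERM; return -1;
    }
    if (ftruncate(fd, 0) < 0) { close(fd); return -1; }
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    if (write(fd, buf, (size_t)n) != (ssize_t)n) { close(fd); return -1; }
    return close(fd);
}

/* Self-contained demo: in a scratch directory, a symlink named
 * socks5.pid points at a constructed "victim" file.  Returns 1 when the
 * safe writer refuses the link, leaves the victim untouched, and still
 * succeeds on an ordinary pidfile; 0 or -1 otherwise. */
int demo_symlink_refused(void) {
    char dir[] = "/tmp/pidtestXXXXXX";
    if (!mkdtemp(dir)) return -1;
    char victim[256], lnk[256], plain[256];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/socks5.pid", dir);
    snprintf(plain, sizeof plain, "%s/socks5.1081.pid", dir);
    FILE *f = fopen(victim, "w"); if (!f) return -1;
    fputs("root:x:0:0\n", f); fclose(f);           /* constructed content, 11 bytes */
    if (symlink(victim, lnk) < 0) return -1;
    int refused = (write_pidfile_safe(lnk) < 0);   /* expect -1 with ELOOP */
    struct stat st;
    int intact = (stat(victim, &st) == 0 && st.st_size == 11);
    int ok = (write_pidfile_safe(plain) == 0);     /* regular file is fine */
    unlink(lnk); unlink(victim); unlink(plain); rmdir(dir);
    return (refused && intact && ok) ? 1 : 0;
}
```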