[2981] in bugtraq
Re: FreeBSD recent exploits.
daemon@ATHENA.MIT.EDU (Cy Schubert - ITSD Open Systems Gr)
Tue Jul 23 12:21:06 1996
Date: Tue, 23 Jul 1996 08:28:07 -0700
Reply-To: cschuber@orca.gov.bc.ca
From: Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Thu, 18 Jul 96 17:42:32 EDT."
<Pine.SUN.3.91.960718173419.23772A-100000@bigdog.fred.net>
> Hello, I run a FreeBSD news server. I have been keeping up with the
> various recent security holes (the suidperl, rdist, etc.).
>
> However, since this is a full disclosure list, I must say my curiousity
> is piqued about the latest two.
>
> First, how would one use the hole in the ppp program? I noticed, looking
> at the patch, the flawed logic in some of the source code. However, since
> I am trying to learn C myself, I wasn't sure how they would be exploited.
>
> Secondly, the rz/sz. Is this a FreeBSD only hole, or a "bad idea" that is
> part of the zmodem protocol? And I am dying to see more info about it, as
> in, exactley what part of the protocol allows you to do this? Also,
> without knowing the history of rz/sz, why on earth did they include such
> a thing, if it was in fact a deliberate inclusion?
>
> Andy Dills
This is a bad idea that is part of the Zmodem protocol. Chuck Forsberg, the
author of Zmodem, markets a number of Zmodem programs, e.g. dsz, zcomm, and
Pro-Yam, through is company Omen Technologies. When I used to use Pro-Yam under
MS-DOS, Pro-Yam had a zcommand command that would allow you to execute a command
on the remote machine and have the output sent back to you, kind of like rsh.
It is not very secure, however in the MS-DOS world access to a single machine is
generally limited to a small number of people (except BBS systems), so the
degree of exposure is also somewhat limited as well.
Regards, Phone: (604)389-3827
Cy Schubert OV/VM: BCSC02(CSCHUBER)
Open Systems Support BITNET: CSCHUBER@BCSC02.BITNET
ITSD Internet: cschuber@uumail.gov.bc.ca
cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
