Date: Thu, 15 Feb 2001 14:23:25 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Chris <admin@redshells.net>
Cc: freebsd-security@FreeBSD.org
Subject: Re: zmodem protocol?
Message-ID: <Pine.BSF.4.10.10102151410570.18543-100000@bsdie.rwsystems.net>
In-Reply-To: <3A8C2CC0.1DDC4857@redshells.net>
On Thu, 15 Feb 2001, Chris wrote:
> Has anybody heard anything about possible security flaws in "lrzsz"?
> Here's a short description from the website: "lrzsz is a unix
> communication package providing the XMODEM, YMODEM ZMODEM file transfer
> protocols." And the website: http://www.ohse.de/uwe/software/lrzsz.html

I still have to support X/Y/Z-modem for EDI dialin customers and several other misc uses. The thing that comes to mind immediately is that Z-modem allows running of a remote program unless you neuter the source code. The code was not even expert friendly, IIRC, and was hell to pipe-fit to code that did processing I needed performed on the files and managed the modem ports. While I do not know of any specific buffer overflow bugs, given the quality of what I saw, I think it would be pretty "chewy" to audit it.

The code runs non-suid, so you would only be risky if the user running the {r,s}{x,b,z} commands wasn't who was on the other end of the communications flow - not a problem with shell accounts using them on the command line. I had to worry about it because my EDI users had no shell accounts.

FWIW, there isn't much in the X-modem stuff to break, but Z-modem allowed pushing of the filename, the aforementioned remote command, and some other stuff that would be ripe for buffer bugs. It was definitely quicker than building X/Y/Z-modem support from scratch and from the various conflicting specs and I really appreciated that the code *worked*, it was just hard to turn into an API and maintain.

- Jy@
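As an added example that is not from this thread or from lrzsz: a receiver-side policy check in Python that parses ZMODEM hex headers, refuses the ZCOMMAND frame type (the remote command the post mentions) and keeps only the base name of a filename pushed in a ZFILE subpacket. The frame-type numbers, hex-header layout and CRC follow Forsberg's zmodem.txt; the builder and sample frames are constructed here for the demonstration.

```python
import re

HEX_HDR = b"**\x18B"  # ZPAD ZPAD ZDLE ZHEX: start of a ZMODEM hex header
ZFILE, ZCOMMAND = 4, 18  # frame type numbers from Forsberg's zmodem.txt


def crc16_xmodem(data: bytes) -> int:
    """CRC-16, polynomial 0x1021, initial value 0, as used by ZMODEM 16-bit headers."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_hex_header(ftype: int, args: bytes = b"\0\0\0\0") -> bytes:
    """Sender side (constructed here): type + 4 arg bytes + CRC as lowercase hex, then CR LF XON."""
    body = bytes([ftype]) + args
    hexpart = (body + crc16_xmodem(body).to_bytes(2, "big")).hex().encode("ascii")
    return HEX_HDR + hexpart + b"\r\n\x11"


def parse_hex_header(frame: bytes):
    """Receiver side: return (type, args); ValueError on bad framing, non-hex digits or CRC mismatch."""
    if not frame.startswith(HEX_HDR):
        raise ValueError("not a ZMODEM hex header")
    hexpart = frame[len(HEX_HDR):len(HEX_HDR) + 14]  # 5 bytes + 2 CRC bytes, 2 digits each
    if not re.fullmatch(rb"[0-9a-fA-F]{14}", hexpart):
        raise ValueError("malformed hex header")
    raw = bytes.fromhex(hexpart.decode("ascii"))
    body, crc = raw[:5], int.from_bytes(raw[5:], "big")
    if crc16_xmodem(body) != crc:
        raise ValueError("header CRC mismatch")
    return body[0], body[1:]


def safe_filename(zfile_subpacket: bytes):
    """Keep only the base name of the NUL-terminated name pushed in a ZFILE data subpacket;
    None when nothing usable is left (empty, '.', '..', or control characters)."""
    name = zfile_subpacket.split(b"\0", 1)[0].decode("ascii", errors="replace")
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if base in ("", ".", "..") or any(ord(c) < 0x20 or c == "\x7f" for c in base):
        return None
    return base


def receiver_policy(frame: bytes) -> str:
    """Decide what to do with an incoming header before acting on it; malformed headers raise."""
    ftype, _ = parse_hex_header(frame)
    if ftype == ZCOMMAND:
        return "reject: ZCOMMAND (remote command execution) is disabled"
    return f"accept: frame type {ftype}"
```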