Bugtraq mailing list archives

Re: FreeBSD recent exploits.


From: cschuber () uumail gov bc ca (Cy Schubert - ITSD Open Systems Group)
Date: Tue, 23 Jul 1996 08:28:07 -0700


Hello, I run a FreeBSD news server. I have been keeping up with the
various recent security holes (the suidperl, rdist, etc.).

However, since this is a full disclosure list, I must say my curiosity
is piqued about the latest two.

First, how would one use the hole in the ppp program? I noticed, looking
at the patch, the flawed logic in some of the source code. However, since
I am trying to learn C myself, I wasn't sure how they would be exploited.

Secondly, the rz/sz. Is this a FreeBSD only hole, or a "bad idea" that is
part of the zmodem protocol? And I am dying to see more info about it, as
in, exactly what part of the protocol allows you to do this? Also,
without knowing the history of rz/sz, why on earth did they include such
a thing, if it was in fact a deliberate inclusion?

Andy Dills

This is a bad idea that is part of the Zmodem protocol.  Chuck Forsberg, the
author of Zmodem, markets a number of Zmodem programs, e.g. dsz, zcomm, and
Pro-Yam, through his company Omen Technologies.  When I used to use Pro-Yam under
MS-DOS, Pro-Yam had a zcommand command that would allow you to execute a command
on the remote machine and have the output sent back to you, kind of like rsh.
It is not very secure, however in the MS-DOS world access to a single machine is
generally limited to a small number of people (except BBS systems), so the
degree of exposure is also somewhat limited as well.


Regards,                       Phone:  (604)389-3827
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber () uumail gov bc ca
                                       cschuber () bcsc02 gov bc ca

                "Quit spooling around, JES do it."


