Re: zmodem protocol?

From: James Wyatt (jwyatt@rwsystems.net)
Date: 02/15/01


Date: Thu, 15 Feb 2001 14:23:25 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Chris <admin@redshells.net>

On Thu, 15 Feb 2001, Chris wrote:
> Has anybody heard anything about possible security flaws in "lrzsz"?
> Here's a short description from the website: "lrzsz is a unix
> communication package providing the XMODEM, YMODEM ZMODEM file transfer
> protocols." And the website: http://www.ohse.de/uwe/software/lrzsz.html

I still have to support X/Y/Z-modem for EDI dialin customers and several
other misc uses. The thing that comes to mind immediately is that Z-modem
allows running of a remote program unless you neuter the source code. The
code was not even expert friendly, IIRC, and was hell to pipe-fit to code
that did processing I needed performed on the files and managed the modem
ports. While I do not know of any specific buffer overflow bugs, given the
quality of what I saw, I think it would be pretty "chewy" to audit it.

The code runs non-suid, so you would only be risky if the user running the
{r,s}{x,b,z} commands wasn't who was on the other end of the communications
flow - not a problem with shell accounts using them on the command line. I
had to worry about it because my EDI users had no shell accounts.

FWIW, there isn't much in the X-modem stuff to break, but Z-modem allowed
pushing of the filename, the aforementioned remote command, and some other
stuff that would be ripe for buffer bugs.

It was definitely quicker than building X/Y/Z-modem support from scratch
and from the various conflicting specs and I really appreciated that the
code *worked*, it was just hard to turn into an API and maintain. - Jy@
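
Added example (not part of the original message and not lrzsz code): a receiver-side check for the two Z-modem inputs the message singles out, the remote command frame and the sender-pushed filename. The frame numbers are those of the public ZMODEM specification; the `NAME_LEN` limit, the character allowlist and the function names are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Frame type numbers from the public ZMODEM specification. */
#define ZFILE    4   /* data subpacket: NUL-terminated name, then file info */
#define ZCOMMAND 18  /* sender asks the receiver to run a command */
#define NAME_LEN 64  /* assumed local limit, not from the protocol */

enum verdict { ACCEPT, REJECT_COMMAND, REJECT_NAME };

/* Copy the pushed name into out only if it is a plain, bounded filename. */
static int safe_name(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    const unsigned char *nul = memchr(buf, 0, len);  /* never read past len */
    size_t n, i;

    if (nul == NULL) return 0;                     /* unterminated name */
    n = (size_t)(nul - buf);
    if (n == 0 || n >= outlen) return 0;           /* empty or too long */
    if (buf[0] == '.' || buf[0] == '-') return 0;  /* "..", dotfiles, option-like */
    for (i = 0; i < n; i++)                        /* allowlist: no '/', no control bytes */
        if (!isalnum(buf[i]) && buf[i] != '.' && buf[i] != '_' && buf[i] != '-')
            return 0;
    memcpy(out, buf, n + 1);
    return 1;
}

/* Decide what to do with one decoded frame before acting on it. */
enum verdict check_frame(int type, const unsigned char *data, size_t len,
                         char *name, size_t namelen)
{
    if (type == ZCOMMAND) return REJECT_COMMAND;
    if (type == ZFILE && !safe_name(data, len, name, namelen)) return REJECT_NAME;
    return ACCEPT;
}

int main(void)
{
    /* Constructed sample payloads, not captured traffic. */
    static const unsigned char good[] = "invoice.edi\0" "512 0 0";
    static const unsigned char trav[] = "../../etc/passwd";
    char name[NAME_LEN];

    printf("%d\n", check_frame(ZFILE, good, sizeof good, name, sizeof name));
    printf("%d\n", check_frame(ZFILE, trav, sizeof trav, name, sizeof name));
    printf("%d\n", check_frame(ZCOMMAND, good, sizeof good, name, sizeof name));
    return 0;
}
```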



