Synchronet v3.19b-Win32 (install) has been released (Jan-2022).

You can donate to the Synchronet project using PayPal.

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
history:hack93 [2014/12/27 03:01] – [Synchronet/DSZ Hack of 1993] digital manhistory:hack93 [2014/12/27 03:08] – [The Vulnerability] explain what DSZ is in a parenthetical statement digital man
Line 5: Line 5:
 ===== The Vulnerability ===== ===== The Vulnerability =====
  
-A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the PREFIX feature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration.+A dubious and not-very-well documented feature of [[http://omen.com|DSZ]] (a popular file transfer program for BBSes of the time) allows the sender of a file to specify a path prefix to be be prepended onto the filename being stored on the receiving system thus allowing the sender to create or overwrite files outside of the intended destination directory (the intended destination directory is usually an upload or temporary directory not containing any sensitive system files). Adding a simple "re" (or "restrict") command-line option disables the "PREFIXfeature and eliminated the vulnerability. In hindsight, it really had nothing to do with Synchronet other than Synchronet had a dependency on external file transfer protocol drivers and this particular one (DSZ) had a significant security weakness in its default configuration.
  
 To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the ''restrict'' option: To be fair, the DSZ documentation (DSZ.DOC) does contain these notes about the ''restrict'' option:

Trace: