lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Jan 2006 11:30:42 -0800
From: Austin Murkland <amurkland@...ydion.com>
To: Sune Kloppenborg Jeppesen <jaervosz@...too.org>
Cc: security-alerts@...uxsecurity.com, gentoo-announce@...too.org,
	bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [ GLSA 200601-09 ] Wine: Windows Metafile
	SETABORTPROC vulnerability


Can anyone else verify Steve Gibson's assertion that this flaw was 
intentionally placed by Microsoft programmers?

http://www.grc.com/sn/SN-022.htm

Sune Kloppenborg Jeppesen wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory                           GLSA 200601-09
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>                                             http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
>   Severity: Normal
>      Title: Wine: Windows Metafile SETABORTPROC vulnerability
>       Date: January 13, 2006
>       Bugs: #118101
>         ID: 200601-09
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Synopsis
> ========
>
> There is a flaw in Wine in the handling of Windows Metafiles (WMF)
> files, which could possibly result in the execution of arbitrary code.
>
> Background
> ==========
>
> Wine is a free implementation of Windows APIs for Unix-like systems.
>
> Affected packages
> =================
>
>     -------------------------------------------------------------------
>      Package             /  Vulnerable  /                   Unaffected
>     -------------------------------------------------------------------
>   1  app-emulation/wine     < 20050930                     >= 20050930
>
> Description
> ===========
>
> H D Moore discovered that Wine implements the insecure-by-design
> SETABORTPROC GDI Escape function for Windows Metafile (WMF) files.
>
> Impact
> ======
>
> An attacker could entice a user to open a specially crafted Windows
> Metafile (WMF) file from within a Wine executed Windows application,
> possibly resulting in the execution of arbitrary code with the rights
> of the user running Wine.
>
> Workaround
> ==========
>
> There is no known workaround at this time.
>
> Resolution
> ==========
>
> All Wine users should upgrade to the latest version:
>
>     # emerge --sync
>     # emerge --ask --oneshot --verbose ">=app-emulation/wine-20050930"
>
> References
> ==========
>
>   [ 1 ] CVE-2006-0106
>         http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106
>
> Availability
> ============
>
> This GLSA and any updates to it are available for viewing at
> the Gentoo Security Website:
>
>   http://security.gentoo.org/glsa/glsa-200601-09.xml
>
> Concerns?
> =========
>
> Security is a primary focus of Gentoo Linux and ensuring the
> confidentiality and security of our users machines is of utmost
> importance to us. Any security concerns should be addressed to
> security@...too.org or alternatively, you may file a bug at
> http://bugs.gentoo.org.
>
> License
> =======
>
> Copyright 2006 Gentoo Foundation, Inc; referenced text
> belongs to its owner(s).
>
> The contents of this document are licensed under the
> Creative Commons - Attribution / Share Alike license.
>
> http://creativecommons.org/licenses/by-sa/2.0
>   

-- 

Austin Murkland
Network Admin.
Merydion Corporation
p. 626.337.0111   f. 626.608.0402

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists