| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43C7FFE2.3020804@merydion.com> Date: Fri, 13 Jan 2006 11:30:42 -0800 From: Austin Murkland <amurkland@...ydion.com> To: Sune Kloppenborg Jeppesen <jaervosz@...too.org> Cc: security-alerts@...uxsecurity.com, gentoo-announce@...too.org, bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: Re: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability Can anyone else verify Steve Gibson's assertion that this flaw was intentionally placed by Microsoft programmers? http://www.grc.com/sn/SN-022.htm Sune Kloppenborg Jeppesen wrote: > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > Gentoo Linux Security Advisory GLSA 200601-09 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > http://security.gentoo.org/ > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Severity: Normal > Title: Wine: Windows Metafile SETABORTPROC vulnerability > Date: January 13, 2006 > Bugs: #118101 > ID: 200601-09 > > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Synopsis > ======== > > There is a flaw in Wine in the handling of Windows Metafiles (WMF) > files, which could possibly result in the execution of arbitrary code. > > Background > ========== > > Wine is a free implementation of Windows APIs for Unix-like systems. > > Affected packages > ================= > > ------------------------------------------------------------------- > Package / Vulnerable / Unaffected > ------------------------------------------------------------------- > 1 app-emulation/wine < 20050930 >= 20050930 > > Description > =========== > > H D Moore discovered that Wine implements the insecure-by-design > SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. > > Impact > ====== > > An attacker could entice a user to open a specially crafted Windows > Metafile (WMF) file from within a Wine executed Windows application, > possibly resulting in the execution of arbitrary code with the rights > of the user running Wine. > > Workaround > ========== > > There is no known workaround at this time. > > Resolution > ========== > > All Wine users should upgrade to the latest version: > > # emerge --sync > # emerge --ask --oneshot --verbose ">=app-emulation/wine-20050930" > > References > ========== > > [ 1 ] CVE-2006-0106 > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0106 > > Availability > ============ > > This GLSA and any updates to it are available for viewing at > the Gentoo Security Website: > > http://security.gentoo.org/glsa/glsa-200601-09.xml > > Concerns? > ========= > > Security is a primary focus of Gentoo Linux and ensuring the > confidentiality and security of our users machines is of utmost > importance to us. Any security concerns should be addressed to > security@...too.org or alternatively, you may file a bug at > http://bugs.gentoo.org. > > License > ======= > > Copyright 2006 Gentoo Foundation, Inc; referenced text > belongs to its owner(s). > > The contents of this document are licensed under the > Creative Commons - Attribution / Share Alike license. > > http://creativecommons.org/licenses/by-sa/2.0 > -- Austin Murkland Network Admin. Merydion Corporation p. 626.337.0111 f. 626.608.0402 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists