lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon Jan 16 07:17:58 2006
From: lionel.ferette at belnet.be (Lionel Ferette)
Subject: Re: [ GLSA 200601-09 ] Wine: Windows Metafile
	SETABORTPROC vulnerability

In the wise words of Austin Murkland, on Friday 13 January 2006 20:30:
> Can anyone else verify Steve Gibson's assertion that this flaw was 
> intentionally placed by Microsoft programmers?
> 
> http://www.grc.com/sn/SN-022.htm
>From http://blogs.technet.com/msrc/archive/2006/01/13/417431.aspx:
"Now, there?s been some speculation that you can only trigger this by using an 
incorrect size in your metafile record and that this trigger was somehow 
intentional.  That speculation is wrong on both counts. The vulnerability can 
be triggered with correct or incorrect size values.  If you are seeing that 
you can only trigger it with an incorrect value, it's probably because your 
SetAbortProc record is the last record in the metafile. The way this 
functionality works is by registering the callback to be called after the 
next metafile record is played. If the SetAbortProc record is the last record 
in the metafile, it will be more difficult to trigger the vulnerability."

No, thus.

HTH,

Lionel

P.S.: cross-posting is bad

-- 
"To understand how progress failed to make our lives easier,
please press 3"

Lionel Ferette
BELNET CERT Coordinator

Tel: +32 2 7903385                  http://cert.belnet.be/
Fax: +32 2 7903375                  PGP Key Id: 0x5662FD4B
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060116/fe4a8f9f/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ