Slashdot Mirror
WINE Still Vulnerable to WMF Exploit
blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."
I suppose this speaks very highly of the WINE developers. After all, they're not out to make something better than Windows: they're out there to duplicate every broken, strange, or inexplicable behaviour Windows exhibits.
Wine is Not an Emulator, but it's purpose is to allow all of us in Linuxland to use software developed for Windows. That means that it must replicate even the broken parts.
Luckily, I assume two things:
1. The WINE devs will plug this as soon as they get around to it.
2. Anyone using WINE successfully is probably canny enough to make due until then without getting themselves compromised.
GeekNights!
Late Night Radio for Geeks!
it doesn't have to be a wmf file to be effected. jpg, gif, bmp, that use wmf headers can still execute code.
The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue.
Remember, the goal of WINE is to duplicate the API as exactly as possible. And up until a few days ago, that *was* part of the API.
WINE isn't supposed to be an improvement, just a duplication of the API so that win32 apps can run on x86 *nix. It should be no surprise to anyone that their implementation of the metafile API is exactly like the one in Windows. That's the point.
Weaselmancer
rediculous.
The DLL in question is a common library used to load and view image files. The real WMF parsing is going on in GDI32 and Win32K.sys (GDI32 relies on Win32k, which is generally not called directly), though. So, you can't run explorer.exe from XP to get fancy thumbnails, but you CAN open an exploiting WMF file in several programs, and get the exploit all for free. As I noted in another comment, it's unlikely that a WMF effective on XP would also be effective on WINE, as it will probably be relying on the specific address space layout, though.
Betcha the Wine team comes out with a fix before Microsoft does.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
Think statistics.
How many applications that pass WMFs (ie: email clients and browsers) do you use under linux that require Wine? Now how many do you use under windows that would be potentially exploited?
This is far less serious for Linux users than Windows users.
110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
An emulator is a replimentation, but it is not a mere reimplimentation of something. They are reimplimentations at different levels. Normally it's with parts of hardware mimicked by software.
Wine is at basically the same level as the original Windows...it's a bunch of libraries that have functions in them. These libraries do stuff, and sometimes talk to the OS. (And, in the case of Wine, X.)
There are a few parts of it where you could argue there is 'emulating' going on, where the software doesn't actually talk to any hardware, it just claims to, but wine is not itself an emulator, even if small parts are.
1) Whether there is anything beside that that could legitimately be called an emulator is an interesting question.
If corporations are people, aren't stockholders guilty of slavery?
Once for each version and vendor... (even tho it is one exploit)
--Phillip
Can you say BIRTH TAX
"a set of bundled libraries designed to be API compatible"
"designed to mimmick the behaviour of another piece of hardware or software in order to achieve the same functionality"
What's the difference?
Aren't the libraries bundled with WINE written to mimmick the responses of the equivalent Windows APIs? Sounds like emulation to me.
Developers: We can use your help.
Just: cvs update && make World && sudo make install
Patched, Fixed, Done.
If you RTFA, you'll even see that the very person to report that WINE was flawed the same as Windows submitted a patch to fix the problem along with his notice that it was broken.
THAT is how fast OSS is. The very vulnerability announcement says how to fix it.
I am unamerican, and proud of it!
The problem with this argument is that the announcement that Wine also suffered from this vulnerability included a patch to fix it, so that's a 0-day response between discovery and fix.
Except that the WMF format was created, what, more than 15 years ago? Not many people had computers then. Or the Internet. Or the bandwidth to share pictures through BBS's. Even if someone had found the exploit, it wouldn't have spread over more than, say, two or three computers worldwide. High-security programming? WTF? There was no *NEED* for high-security programming back then.
WMF became obsolete soon, and was forgotten. It's perfectly normal to forget to review code that old, especially if the programmers who wrote it have probably been retired by then. Hell, many people have probably never seen a WMF file before.
... that when the WINE Coders were coding the Metafile APIs, they:
/.?
1.) Did not realize this was a design flaw (most likely).
or
2.) Realized this was a security flaw and have been explioting it since years ago (highly unlikely).
or
3.) Have been urging Microsoft to change the code since they realized (highly unlikely, as well).
The point I am trying to make is that this design flaw was not spotted by the many eyes of the WINE project, showing that even the OSS development model is subject to mistakes.
The intent of this comment is not to say which development model is better, just to point out the fact that ALL development models are subjet to failures, and that our analysis should not be so unidimensional and binary, a thought that seems to be quite lost in this particular thread.
As an aside, if this atack was made public in 12/27/05, and confirmed by Microsoft in 12/28/05, shoudnt have the WINE comunity tested for the flaw, posted a preliminary patch ASAP and then post a definitive patch that mimics the efect off the Microsoft patch? Why to produce the patch just AFTER Microsoft posted theirs, late by the comon wisdom of
My other question our regard a Turing-Complete "Image File Format", Postscript. Given the complexity in Postcript, is it not possible (but most likely harder, since it can not touch Filesystems) to do exploits in it?
Just my two cents
*** Suerte a todos y Feliz dia!
But the facts are that the original design was made pre-Win3.0, long before the rise of the internet as we know it today. It's not surprising that the design flaw arose in that environment, and the design was used to deal with the hodge-podge of various printer behaviors from those days. And I don't particularly blame the actual handful of Wine devs that implemented the "whole API" and therefore inherited this design flaw.
But I do place blame on the OSS community.
Allow me to quote from Engaging with The Open Source Community:
This flaw was staring the OSS community right in the face for all this time, yet the OSS community failed to find it. Of course, I'm being too hard on the OSS community. I wouldn't expect that community to find this problem. But nor should you. The "many eyes" claim is a canard because in truth very few people not involved in the actual development of a particular piece of code actually examine that code for flaws, and even fewer can identify a flaw even if it's staring them in the face as clearly as this one.
-- "I never gave these stories much credence." - HAL 9000
a regular dictionary isn't always a reliable source when you're defining technical terms.
In the technical terminology of Computer Science, an emulator is some system which intentionally behaves like some other system. From a technical perspective, it doesn't matter at all if you are emulating hardware or software... conceptually, it's all the same thing.
The people who argue "Wine is not an emulator" are incorrectly using "emulator" as an abbreviation "hardware emulator", since that was the first place they heard of "emulator" programs.
That's similar to how some people act like "console" means a video-game machine, when really there are many other kinds of consoles.
The WMF format has been around quite a while, since Windows 3.0 IIRC. I'm not saying it's not possible, but not too likely. I don't know how many open-source vector graphics libraries existed around 1990.
hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?