Slashdot Mirror

← Back to Stories (view on slashdot.org)

WINE Still Vulnerable to WMF Exploit

Posted by Zonk on from the patch-up-young-linux-users dept.

blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."

8 of 240 comments (clear)

  1. Immitation is the sincerest form of flattery by Schezar · · Score: 5, Insightful

    I suppose this speaks very highly of the WINE developers. After all, they're not out to make something better than Windows: they're out there to duplicate every broken, strange, or inexplicable behaviour Windows exhibits.

    Wine is Not an Emulator, but it's purpose is to allow all of us in Linuxland to use software developed for Windows. That means that it must replicate even the broken parts.

    Luckily, I assume two things:

    1. The WINE devs will plug this as soon as they get around to it.

    2. Anyone using WINE successfully is probably canny enough to make due until then without getting themselves compromised.

    --
    GeekNights!
    Late Night Radio for Geeks!
  2. Re:serious question by fred_sanford · · Score: 3, Insightful

    it doesn't have to be a wmf file to be effected. jpg, gif, bmp, that use wmf headers can still execute code.

  3. Why should they realize it's a problem? by Weaselmancer · · Score: 4, Insightful

    The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue.

    Remember, the goal of WINE is to duplicate the API as exactly as possible. And up until a few days ago, that *was* part of the API.

    WINE isn't supposed to be an improvement, just a duplication of the API so that win32 apps can run on x86 *nix. It should be no surprise to anyone that their implementation of the metafile API is exactly like the one in Windows. That's the point.

    --
    Weaselmancer
    rediculous.
  4. Re:I don't understand by cnettel · · Score: 5, Insightful

    The DLL in question is a common library used to load and view image files. The real WMF parsing is going on in GDI32 and Win32K.sys (GDI32 relies on Win32k, which is generally not called directly), though. So, you can't run explorer.exe from XP to get fancy thumbnails, but you CAN open an exploiting WMF file in several programs, and get the exploit all for free. As I noted in another comment, it's unlikely that a WMF effective on XP would also be effective on WINE, as it will probably be relying on the specific address space layout, though.

  5. Re:That's just wrong... by Fordiman · · Score: 3, Insightful

    Think statistics.

    How many applications that pass WMFs (ie: email clients and browsers) do you use under linux that require Wine? Now how many do you use under windows that would be potentially exploited?

    This is far less serious for Linux users than Windows users.

    --
    110100 1101000 1101000 1100110 0 1101111 1101000 1100011 1
  6. It's already fixed in CVS anyways by Krach42 · · Score: 3, Insightful

    Just: cvs update && make World && sudo make install

    Patched, Fixed, Done.

    If you RTFA, you'll even see that the very person to report that WINE was flawed the same as Windows submitted a patch to fix the problem along with his notice that it was broken.

    THAT is how fast OSS is. The very vulnerability announcement says how to fix it.

    --

    I am unamerican, and proud of it!
  7. The thing here is... by williamyf · · Score: 5, Insightful

    ... that when the WINE Coders were coding the Metafile APIs, they:

    1.) Did not realize this was a design flaw (most likely).
            or
    2.) Realized this was a security flaw and have been explioting it since years ago (highly unlikely).
              or
    3.) Have been urging Microsoft to change the code since they realized (highly unlikely, as well).

              The point I am trying to make is that this design flaw was not spotted by the many eyes of the WINE project, showing that even the OSS development model is subject to mistakes.

              The intent of this comment is not to say which development model is better, just to point out the fact that ALL development models are subjet to failures, and that our analysis should not be so unidimensional and binary, a thought that seems to be quite lost in this particular thread.

              As an aside, if this atack was made public in 12/27/05, and confirmed by Microsoft in 12/28/05, shoudnt have the WINE comunity tested for the flaw, posted a preliminary patch ASAP and then post a definitive patch that mimics the efect off the Microsoft patch? Why to produce the patch just AFTER Microsoft posted theirs, late by the comon wisdom of /.?

              My other question our regard a Turing-Complete "Image File Format", Postscript. Given the complexity in Postcript, is it not possible (but most likely harder, since it can not touch Filesystems) to do exploits in it?

              Just my two cents

    --
    *** Suerte a todos y Feliz dia!
  8. Re:Kudos to WINE by Mancat · · Score: 3, Insightful

    The WMF format has been around quite a while, since Windows 3.0 IIRC. I'm not saying it's not possible, but not too likely. I don't know how many open-source vector graphics libraries existed around 1990.

    --
    hello dear sirs my name is jamesh i are india (bihar) can u guide me install red had linux 9?