Slashdot Mirror

← Back to Stories (view on slashdot.org)

WINE Still Vulnerable to WMF Exploit

Posted by Zonk on from the patch-up-young-linux-users dept.

blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."

13 of 240 comments (clear)

  1. So... by ImaLamer · · Score: 5, Interesting

    Should I be worried about my Fake Windows security or am I at no risk as long as I don't run "sol.exe" as root?

    How far can someone get by working over WINE with this exploit?

    --
    Get your Unix fortune now!
    1. Re:So... by Craig+Davison · · Score: 3, Interesting

      You don't need to be root to send out 1000 spams/minute.

      --
      Hands in my pocket
  2. Kudos to WINE by DrXym · · Score: 5, Interesting
    For implementing Win32 so closely that you can actually be infected with Win32 exploits. I suspect that the effects wouldn't be as bad as the real thing though.

    On a serious note, I wonder what this means for emulation projects. If you recognize an exploit in the original environment (as possibly someone did when writing a WMF parser for WINE), do you implement the exploit in your emulator or do you introduce a potential incompatibility?

    1. Re:Kudos to WINE by IamTheRealMike · · Score: 4, Interesting
      FWIW I've spent several years as a Wine developer, and I definitely consider it to be emulation.

      That said, this story is just a lot of scaremongering from ZDNet. Sure, you could be hacked through this if you run IE in Wine and use it as a general web browser (which I doubt anybody does), but the damage would be limited to the virtual Windows environment which can be blown away and reset in 20 seconds. It's not like the reinstall from scratch job a real Windows would require. Wine also ignores any startup entries software may install.

      Still, it should be fixed, probably in the same way that MS did it. And in fact Marcus has already posted a patch that would do this, so I expect it'll be fixed soon enough.

  3. Make a copy? by vandon · · Score: 5, Interesting

    Can't you just make a copy of the fixed gdi32.dll from a working windows machine?

  4. Isn't that the Goal? by lordofthechia · · Score: 3, Interesting

    After all, from winehq.org: "Wine has always strived for "bug for bug" compatibility"

    --
    Georgia Tech, the leader in Chia(tm) technology.
  5. serious question by js3 · · Score: 2, Interesting

    does anyone use wmf files?

    --
    did you forget to take your meds?
    1. Re:serious question by Anonymous Coward · · Score: 1, Interesting

      I used to use it to insert vector images in Word. It was the only real alternative since Word didn't support anything more serious like .ai, .pdf or .eps.

    2. Re:serious question by Anonymous Coward · · Score: 1, Interesting

      jpg, gif, and bmp files can not have "wmf headers".

      You can make a WMF file that displays a jpg, gif, or bmp, but that's a bit different from the jpg, gif, or bmp having a "wmf header". It's a subtle difference.

  6. I don't understand by overshoot · · Score: 5, Interesting
    The WINE libraries don't even include an equivalent of the DLL that causes the problem for Microsoft.

    How does WINE manage to duplicate a flaw in a function that WINE doesn't even implement?

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
    1. Re:I don't understand by makomk · · Score: 2, Interesting

      I expect it's like Windows 98 - you can't get infected by websites, but you can get infected by viewing a WMF using some program that uses the Windows API to display them. (For example, most Word clipart is WMFs, IIRC.)

  7. Why its not really a BUG, and why WINE has it too by XMilkProject · · Score: 2, Interesting

    It's been a while since I've written any WMF software, but if I remember correctly, the problem here is with the general principle of a WMF, not a bug in any libraries, hence windows and wine both being vulnerable.

    A wmf is not a graphics format in a traditional sense, but rather a list of API calls to the GDI libraries that when fired off one after another will recreate an image.

    For this reason, saying that the WMF insecurity is a bug, is like saying that the fact that you can make a malicious EXE for windows is a bug also.

    I'm not saying it shouldn't be fixed, becuase it is a vulnerability, I'm just trying to shine some light on why similar vulnerabilities exist in WINE.

    If I have given an incorrect explanation of WMF, please feel free to comment.

    --
    Big ones, small ones, some as big as yer 'ead!
    Give 'em a twist, a flick o' the wrist...
  8. How long should a fix take? by MeBot · · Score: 3, Interesting

    Six days after m$ft learned of the vulnerability, we were all yelling that it shouldn't take that long for a fix and thank heavens that open source projects could always churn out fixes so much quicker. Well, the open source wine has now had 3 days. Does that mean that if wine takes another 3 days, then we've proven that open source isn't always faster with fixes?