Slashdot Mirror

← Back to Stories (view on slashdot.org)

WINE Still Vulnerable to WMF Exploit

Posted by Zonk on from the patch-up-young-linux-users dept.

blast3r wrote to mention a ZDNet Blog posting by George Ou, stating that WINE is still vulnerable to the WMF flaw. From the article: "All applications launched inside Wine, Cedega, or Cross-Over Office are technically still exploitable. Wine runs on most x86 platforms, including Linux and the various BSDs. The surprising part about finding this flaw in Wine is that they implemented the entire Meta File API without realizing that this could be a security issue. Exploiting a Windows application running inside Wine depends on that application calling the vulnerable function with malicious data."

8 of 240 comments (clear)

  1. So... by ImaLamer · · Score: 5, Interesting

    Should I be worried about my Fake Windows security or am I at no risk as long as I don't run "sol.exe" as root?

    How far can someone get by working over WINE with this exploit?

    --
    Get your Unix fortune now!
    1. Re:So... by Craig+Davison · · Score: 3, Interesting

      You don't need to be root to send out 1000 spams/minute.

      --
      Hands in my pocket
  2. Kudos to WINE by DrXym · · Score: 5, Interesting
    For implementing Win32 so closely that you can actually be infected with Win32 exploits. I suspect that the effects wouldn't be as bad as the real thing though.

    On a serious note, I wonder what this means for emulation projects. If you recognize an exploit in the original environment (as possibly someone did when writing a WMF parser for WINE), do you implement the exploit in your emulator or do you introduce a potential incompatibility?

    1. Re:Kudos to WINE by IamTheRealMike · · Score: 4, Interesting
      FWIW I've spent several years as a Wine developer, and I definitely consider it to be emulation.

      That said, this story is just a lot of scaremongering from ZDNet. Sure, you could be hacked through this if you run IE in Wine and use it as a general web browser (which I doubt anybody does), but the damage would be limited to the virtual Windows environment which can be blown away and reset in 20 seconds. It's not like the reinstall from scratch job a real Windows would require. Wine also ignores any startup entries software may install.

      Still, it should be fixed, probably in the same way that MS did it. And in fact Marcus has already posted a patch that would do this, so I expect it'll be fixed soon enough.

  3. Make a copy? by vandon · · Score: 5, Interesting

    Can't you just make a copy of the fixed gdi32.dll from a working windows machine?

  4. Isn't that the Goal? by lordofthechia · · Score: 3, Interesting

    After all, from winehq.org: "Wine has always strived for "bug for bug" compatibility"

    --
    Georgia Tech, the leader in Chia(tm) technology.
  5. I don't understand by overshoot · · Score: 5, Interesting
    The WINE libraries don't even include an equivalent of the DLL that causes the problem for Microsoft.

    How does WINE manage to duplicate a flaw in a function that WINE doesn't even implement?

    --
    Lacking <sarcasm> tags, /. substitutes moderation as "Troll."
  6. How long should a fix take? by MeBot · · Score: 3, Interesting

    Six days after m$ft learned of the vulnerability, we were all yelling that it shouldn't take that long for a fix and thank heavens that open source projects could always churn out fixes so much quicker. Well, the open source wine has now had 3 days. Does that mean that if wine takes another 3 days, then we've proven that open source isn't always faster with fixes?