Vulnerability Bulletins |
Remote code execution in Wine when processing Windows Metafile (WMF) files |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Gain access |
Difficulty | Expert |
Required attacker level | Remote access without an account to an exotic service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Wine |
Description |
|
A vulnerability has been discovered in Wine. The vulnerability lies in the fact that Wine implements the SETABORTPROC GDI escape function for Windows Metafile (WMF) files. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by means of a specially crafted WMF file that the victim must view. The code would run with the privileges of the user running Wine. This vulnerability is the same one described in ALTAIR-512-02085, but in the Wine code. |
|
Solution |
|
Software update

Mandriva Corporate Server 3.0 X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libwine1-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libwine1-capi-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libwine1-devel-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libwine1-twain-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/wine-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/wine-utils-20040213-3.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/wine-20040213-3.1.C30mdk.src.rpm

Mandrivalinux 2006 X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwine1-20050725-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwine1-capi-20050725-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwine1-devel-20050725-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/libwine1-twain-20050725-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/wine-20050725-6.1.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/wine-20050725-6.1.20060mdk.src.rpm

SUSE Linux
Update via YaST Online Update

Debian Linux
Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.dsc
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2.diff.gz
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310.orig.tar.gz
Architecture independent components
http://security.debian.org/pool/updates/main/w/wine/wine-doc_0.0.20050310-1.2_all.deb
Intel IA-32
http://security.debian.org/pool/updates/main/w/wine/libwine_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-alsa_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-arts_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-capi_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-dev_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-jack_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-nas_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-print_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/libwine-twain_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/wine_0.0.20050310-1.2_i386.deb
http://security.debian.org/pool/updates/main/w/wine/wine-utils_0.0.20050310-1.2_i386.deb |
|
Standard resources |
|
Property | Value |
CVE | CVE-2006-0106 |
BID | |
Other resources |
|
Mandriva Security Advisory (MDKSA-2006:014)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:014
SUSE Security Summary Report SUSE-SR:2006:002
http://www.novell.com/linux/security/advisories/2006_02_sr.html
Debian Security Advisory DSA 954-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2006/msg00027.html |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2006-01-17 |
1.1 | Advisory issued by SUSE (SUSE-SR:2006:002) | 2006-01-24 |
1.2 | Advisory issued by Debian (DSA 954-1) | 2006-01-25 |