Your message dated Fri, 25 Apr 2008 22:23:45 +0100
with message-id <[EMAIL PROTECTED]>
and subject line xwine has been removed from Debian, closing #468050
has caused the Debian Bug report #468050,
regarding Security problems present in xwine
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
468050: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: xwine
Version: 1.0.1-1.1
Severity: grave
Justification: user security hole
Tags: security
*** Please type your report below this line ***
I'd urge the removal of this package from Lenny/Sid because
of bug 460783 + this one...
xwine contains two flaws:
1. Insecure use of temporary files.
2. Broken permissions on /etc/wine/config
Printing uses the static file '/tmp/temporaire' for spooling into
with no sanity checks, then this:
./w_editeur.c: system("cat /tmp/temporaire | lp &");
./w_editeur.c: system("rm -f /tmp/temporaire");
The second issue is more interesting. The global wine configuration
file is abused thusly:
./w_export.c: system("cp -f ~/.wine/config /etc/wine/");
./w_export.c: system("chmod 666 /etc/wine/config");
I guess for this to work the program must be started by root,
but if the permissions are 0666 then any user may edit the file
and cause DOS for local users. I'm not horribly familiar with
Window configuration, but it does seem like you could cause
arbitrary code to run when a local user invokes wine, and prints,
via a configuration file like this:
/etc/wine/config:
[spooler]
"FILE:" = "tmp.ps"
"LPT1:" = "|/tmp/bogus-spooler.lpr"
Mitigating circumstances are that these days Wine ignores
/etc/wine/config & ~/.wine/config. Instead this information
is stored in the wine registry, which actually renders this package
pointless for etch+.
Steve
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.18-4-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
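As an added example (not xwine's code, nor from the report above), here is a hardened C replacement for the spooling pattern Steve quotes from w_editeur.c: a private mkstemp() file instead of the fixed /tmp/temporaire, and fork/execvp with the file on stdin instead of system("cat /tmp/temporaire | lp &") followed by rm -f. The function names and the sample PostScript document are my own; the print command is passed in as an argv so the same code can be exercised with something other than lp.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Create a spool file with an unpredictable name and mode 0600 (mkstemp uses
   O_CREAT|O_EXCL), so another local user cannot pre-create, replace or read it.
   Returns the fd or -1; path_out receives the path so the caller can unlink it. */
int create_spool_file(char *path_out, size_t cap) {
    const char *tmpdir = getenv("TMPDIR");
    if (tmpdir == NULL || *tmpdir == '\0') tmpdir = "/tmp";
    if (snprintf(path_out, cap, "%s/xwine-spool.XXXXXX", tmpdir) >= (int)cap) return -1;
    return mkstemp(path_out);
}

/* Write the document to a private spool file and hand it to the print command
   on stdin without a shell: no "cat file | lp" pipeline and no "rm -f" on a
   guessable path. Returns the command's exit status, or -1 on failure. */
int spool_and_print(const char *data, size_t len, char *const argv[]) {
    char path[4096];
    int fd = create_spool_file(path, sizeof path);
    if (fd < 0) return -1;
    for (size_t off = 0; off < len; ) {
        ssize_t n = write(fd, data + off, len - off);
        if (n <= 0) { close(fd); unlink(path); return -1; }
        off += (size_t)n;
    }
    lseek(fd, 0, SEEK_SET);
    pid_t pid = fork();
    if (pid == 0) {            /* child: the spool file becomes the print command's stdin */
        dup2(fd, STDIN_FILENO);
        close(fd);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fd);
    unlink(path);              /* name no longer needed; the child keeps its open descriptor */
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {               /* constructed sample document, spooled to lp as xwine does */
    char *const lp[] = {"lp", NULL};
    const char doc[] = "%!PS-Adobe-2.0\nshowpage\n";
    return spool_and_print(doc, sizeof doc - 1, lp) == 0 ? 0 : 1;
}
```

The same principle applies to the second flaw: a configuration file that root copies into /etc must be created with a restrictive mode (0644 at most) rather than chmod 666, so that only root can change what every local user's wine will later execute.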
--- Begin Message ---
Version: 1.0.1-1.1+rm
The xwine package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.
For more information about this package's removal, read
http://bugs.debian.org/468398 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any questions.
Thank you for your contribution to Debian.
--
Marco Rodrigues
http://Marco.Tondela.org
--- End Message ---