https://bugs.winehq.org/show_bug.cgi?id=40347
Bug ID: 40347
Summary: unmount uses unsafe system()
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: cpicard@openmailbox.org
Distribution: ---

Created attachment 54037
  --> https://bugs.winehq.org/attachment.cgi?id=54037
eject source file
DIR_unmount_device from wine/dlls/ntdll/directory.c doesn't sanitize its input, leading to a possible command execution by unmounting a device mounted on a malicious path.
To reproduce (from Michael Müller):
$ mkdir "a;xterm"
$ mount "a;xterm"
$ ./eject # launches xterm
where eject is built from the attached code.
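An added illustration, not Wine's code and not the attached eject source: a C sketch of the pattern the summary names, a path pasted into a system() command line, beside a fork/execvp form in which the path is a single argv element. The function names, the tool `true` and the constructed path `a; exit 42` are stand-ins assumed here so the difference shows up as an exit code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map a wait status to an exit code, or -1 on abnormal termination. */
static int exit_code(int status)
{
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Unsafe pattern: the path is pasted into a string that /bin/sh parses,
 * so ';' in the path ends the first command and starts another. */
static int run_via_shell(const char *tool, const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof(cmd), "%s %s", tool, path);
    if (n < 0 || (size_t)n >= sizeof(cmd)) return -1;
    return exit_code(system(cmd));
}

/* Hardened form: no shell is involved; the path reaches the tool as
 * exactly one argv element whatever characters it contains. */
static int run_no_shell(const char *tool, const char *path)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)tool, (char *)path, NULL };
        execvp(tool, argv);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return exit_code(status);
}

int main(void)
{
    const char *path = "a; exit 42";   /* constructed sample path */
    printf("shell: %d\n", run_via_shell("true", path));
    printf("argv:  %d\n", run_no_shell("true", path));
    return 0;
}
```

The shell variant returns 42 because the text after `;` ran as its own command; the argv variant returns 0 because `true` received the whole string as one argument.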
https://bugs.winehq.org/show_bug.cgi?id=40347
Austin English austinenglish@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |austinenglish@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=40347
Jactry Zeng jactry92@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jactry92@gmail.com