[Bug 40347] New: unmount uses unsafe system()
wine-bugs at winehq.org
wine-bugs at winehq.org
Wed Mar 23 13:13:53 CDT 2016
https://bugs.winehq.org/show_bug.cgi?id=40347
Bug ID: 40347
Summary: unmount uses unsafe system()
Product: Wine
Version: unspecified
Hardware: x86
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs at winehq.org
Reporter: cpicard at openmailbox.org
Distribution: ---
Created attachment 54037
--> https://bugs.winehq.org/attachment.cgi?id=54037
eject source file
DIR_unmount_device from wine/dlls/ntdll/directory.c doesn't sanitize its input
leading to a possible command execution by unmounting a device mounted on a
malicious path.
To reproduce (from Michael Müller):
$ mkdir "a;xterm"
$ mount "a;xterm"
$ ./eject # launches xterm
where eject is built from the attached code.
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list