Interesting People mailing list archives

more on Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake


From: David Farber <dave () farber net>
Date: Fri, 13 Jan 2006 18:59:45 -0500



Begin forwarded message:

From: security curmudgeon <jericho () attrition org>
Date: January 13, 2006 6:27:51 PM EST
To: David Farber <dave () farber net>
Cc: ip () v2 listbox com
Subject: Re: [IP] Steve Gibson: MS WMF is a Backdoor, Not a Coding Mistake


As Randal Schwartz points out, this vulnerability affects WINE. If it
affects an open-source project that is based off Windows API documentation,
and not Microsoft code ... it seems very unlikely this is an intentional
backdoor.


WINE info:
http://www.winehq.com/

H D Moore discovers WINE is vulnerable:
http://archives.neohapsis.com/archives/dailydave/2006-q1/0021.html

Gentoo confirms WINE is vulnerable:
http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml


From: Randal L. Schwartz <merlyn () stonehenge com>
To: Morning Wood <se_cur_ity () hotmail com>
Cc: full-disclosure () lists grok org uk
Date: 13 Jan 2006 14:31:06 -0800
Subject: Re: [Full-disclosure] Steve Gibson smokes crack?

"Morning" == Morning Wood <se_cur_ity () hotmail com> writes:

Morning> http://aolradio.podcast.aol.com/sn/SN-022.mp3
Morning> claiming SetAbortProc() was a purpose placed backdoor...

I've heard that WINE suffers from the same exploit.  How could
it be a Microsoft "conspiracy" if WINE (implemented from API docs)
does the same thing?

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn () stonehenge com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!

