Re: Re: [ GLSA 200601-09 ] Wine: Windows MetafileSETABORTPROC vulnerability

[bkfsec <bkfsec () sdf lonestar org>]

Todd Towles wrote:

> Austin wrote:
>  
>
> > Can anyone else verify Steve Gibson's assertion that this 
> > flaw was intentionally placed by Microsoft programmers?
> >    
>
> Better yet, can anyone else verify what he is taking or mixing?
>
>  
The way I read what he's saying there, he's saying that you enter 
malformed input and that malformed input pushes the executable code into 
position to be executed... and as such, because it would be nuts to 
allow odd malformed input to push code into a position to be executed, 
it MUST be intentional.

Hey, I am a Free Software advocate... I'd love to jump on Microsoft if I 
could.  I can, in all honesty, say that the way that the WMF file format 
is setup is a bit nuts from a security standpoint. 

However, if his standard for what makes a vulnerability an intentional 
backdoor is the fact that such malformed data can be entered, then by 
that standard every single buffer overflow, stack overflow, etc... would 
have to be intentional, under that standard.  As much as I'd like to 
jump on Microsoft, I don't think that a sane person can agree with such 
a ludicrous statement.  Now, if there are other reasons to believe that 
this is intentional, well I'd listen regarding it.  However, what I read 
in the provided link doesn't bring me to the conclusion that the flaw 
was intentional, but rather that Steve Gibson is a bit wacko.

Sure, I'm sure that one could make an argument that some acceptances of 
malformed input are intentional backdoors, but not simply by showing 
that there's poor design in the software.  That's not enough at all - 
and neither is speculation.

               -bkfsec


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/