Version(s): 20050211 and previous versions Description: A vulnerability was reported in Wine. A local user may be able to access the registry. Wine creates temporary files in an unsafe manner. When a Win32-based application is launched by Wine, a copy of the registry is made in the '/tmp' directory. The file is created with globally readable permissions. A local user can view the file to obtain the registry contents. The filename is of the format 'regxxxxxxyyyy.tmp' [where the 'x' values are the process ID in haxadecimal representation and the 'y' values are an integer value that is often equal to zero]. Giovanni Delvecchio of Zone-h reported this vulnerability. Impact: A local user may be able to access the registry for a target user. Solution: No solution was available at the time of this entry.
Follow upstream @ http://bugs.winehq.org/show_bug.cgi?id=2715
Following patches in CVS: http://www.winehq.org/hypermail/wine-cvs/2005/03/0205.html http://www.winehq.org/hypermail/wine-cvs/2005/03/0243.html http://www.winehq.org/hypermail/wine-cvs/2005/03/0249.html Probably better to wait for a new snapshot version... Ccing herd
current wine has a bug open about it that isnt present in the previous version so i think i'll patch our current stable
added 20050111-r1 with said patch (20050111 is our current stable) unstable i'd prefer to wait for next snap release
Ready for GLSA decision. Not sure if it's an A4 (info disclosure) or an A3 (insecure tmpfile creation). GLSA should say *>=20050111-r1 and >20050310 are unaffected, <=20050310 is affected.
I vote NO.
i'd call it more info disclosure no one (in their right mind) runs wine as root, so the attack possibilities for a non-root user are not nearly as fun ... reading their passwords is quite fun though :) the other aspect of this is that how many people use wine in a multi-user environemnt ? imho, wine is typically a 'desktop' app (the only user logs in locally and uses X and crap) ...
Voting NO too. As usual, reopen if you disagree
