Security vulnerability in Unshield

Everything about development and the OpenMW source code.
Post Reply
maqifrnswa
Posts: 180
Joined: 14 Jan 2013, 03:57

Security vulnerability in Unshield

Post by maqifrnswa »

Hello all,

openmw uses unshield to extract the original data files, recently a security vulnerability has been found in unshield (CVE-2015-1386). There isn't any sanitation of '../' from filenames, so it is susceptible to path traversal attacks. You can imagine someone creating fake (or pirated) game content, or compromising steam or some other distribution site, and replacing the real content with malicious code that exploits this vulnerability by placing malicious code anywhere on your file system.

Good news is the fix seems easy, I just won't have time to write and test a patch. The author points out the part of relevant code, and I proposed a strategy to fix it here:
https://github.com/twogood/unshield/issues/42

and it is issue number 42, so you know this is important!

-maq
Last edited by Jyby on 28 Dec 2016, 22:23, edited 1 time in total.
Reason: Renamed inaccurate topic subject
User avatar
raevol
Posts: 3093
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: Hackers wanted to (indirectly) help out openmw security

Post by raevol »

Ace, does this seem like something we should take action on?
User avatar
psi29a
Posts: 5357
Joined: 29 Sep 2011, 10:13
Location: Belgium
Gitlab profile: https://gitlab.com/psi29a/
Contact:

Re: Hackers wanted to (indirectly) help out openmw security

Post by psi29a »

Well if unshield gets punted from Debian/Ubuntu, then we'll be without our openmw-wizard on those systems.
User avatar
raevol
Posts: 3093
Joined: 07 Aug 2011, 01:12
Location: Caldera

Re: Hackers wanted to (indirectly) help out openmw security

Post by raevol »

Oh shoot, I confused this for a Windows issue.
User avatar
psi29a
Posts: 5357
Joined: 29 Sep 2011, 10:13
Location: Belgium
Gitlab profile: https://gitlab.com/psi29a/
Contact:

Re: Hackers wanted to (indirectly) help out openmw security

Post by psi29a »

It's an every OS problem. ;)
User avatar
Ace (SWE)
Posts: 887
Joined: 15 Aug 2011, 14:56

Re: Hackers wanted to (indirectly) help out openmw security

Post by Ace (SWE) »

I think it's actually an every OS but Windows problem, don't think the current OpenMW builds can use unshield on Windows.
Not that you really need to.
nwah
Posts: 45
Joined: 21 Nov 2013, 07:40

Re: Hackers wanted to (indirectly) help out openmw security

Post by nwah »

Ace, I'm in favor of allowing the use of unshield on Windows. I don't want ancient DirectX packages clogging up my system, etc. I think the openmw installer is faster and nicer, and being open source is something we can more confidently support.
User avatar
Ace (SWE)
Posts: 887
Joined: 15 Aug 2011, 14:56

Re: Hackers wanted to (indirectly) help out openmw security

Post by Ace (SWE) »

Nobody's really bothered to get the unshield code to run on Windows, because it's sort of made redundant due to the ability to actually run the real installer.
Can't say that I'd enjoy putting up a second full MSYS build environment just to be able to make builds with it either. Though if I can find some pre-built binary libs then maybe I'd be okay with it.

Either way, someone would need to actually sit down and make it work first.
User avatar
psi29a
Posts: 5357
Joined: 29 Sep 2011, 10:13
Location: Belgium
Gitlab profile: https://gitlab.com/psi29a/
Contact:

Re: Security vulnerability in Unshield

Post by psi29a »

Fixed upstream and now available in Debian.
corristo
Posts: 495
Joined: 12 Aug 2011, 08:29

Re: Security vulnerability in Unshield

Post by corristo »

macOS dependencies repository has been updated: https://github.com/OpenMW/openmw-deps-m ... 8db71e6970
Post Reply