{"id":13855,"date":"2007-05-24T21:24:43","date_gmt":"2007-05-24T21:24:43","guid":{"rendered":"http:\/\/127.0.0.1\/ef\/?p=13855"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T22:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/www.emu-france.com\/?p=13855","title":{"rendered":"[Ordi.] Bochs ne tourne plus rond ?"},"content":{"rendered":"<p>Ca devait arriver&#8230; Deux failles ont \u00e9t\u00e9 d\u00e9couvertes dans l&rsquo;\u00e9mulateur \u00ab\u00a0tr\u00e8s en vogue\u00a0\u00bb <strong><a href=\"http:\/\/bochs.sourceforge.net\/\">Bochs<\/a><\/strong>. L&rsquo;une d&rsquo;elle se situe au niveau de l&rsquo;\u00e9mulation de la carte r\u00e9seau virtuelle :<\/p>\n<p><em>\u00ab\u00a0Le premier probl\u00e8me r\u00e9sulte d&rsquo;un d\u00e9bordement d&rsquo;entier pr\u00e9sent au niveau du p\u00e9riph\u00e9rique virtuel NE2000 qui ne valide pas correctement les valeurs du registre TXCNT, ce qui pourrait \u00eatre exploit\u00e9 par un attaquant avec des privil\u00e8ges \u00ab\u00a0root\u00a0\u00bb au sein d&rsquo;un syst\u00e8me virtuel afin d&rsquo;ex\u00e9cuter des commandes arbitraire au sein du syst\u00e8me h\u00f4te.<\/p>\n<p>La seconde vuln\u00e9rabilit\u00e9 est caus\u00e9e par une division par z\u00e9ro pr\u00e9sente au niveau du contr\u00f4leur de disquettes, ce qui pourrait \u00eatre exploit\u00e9 par un utilisateur malveillant afin d&rsquo;alt\u00e9rer le fonctionnement d&rsquo;une application vuln\u00e9rable.\u00a0\u00bb<\/em><\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" src=\"https:\/\/www.emu-france.com\/wp-content\/uploads\/2007\/05-mai\/24\/bochs_win95_capture.jpg\" border=\"0\"><\/p>\n<p>Plus grave, on apprend qu&rsquo;aucun correctif officiel n&rsquo;est disponible pour le moment&#8230;<\/p>\n<p>Certes, \u00eatre root sur une machine virtuelle impose un cas de figure assez particulier, mais c&rsquo;est une chose qui n&rsquo;est pas impossible devant le nombre d&rsquo;exploits disponibles sur des applicatifs vari\u00e9s du monde linux (et surtout de la non application des correctifs pas les administrateurs&#8230;). Le fait d&rsquo;atteindre le syst\u00e8me h\u00f4te permet ensuite d&rsquo;attaquer l&rsquo;ensemble des machines virtuelles h\u00e9berg\u00e9es, et la&#8230; c&rsquo;est le drame !<\/p>\n<div class=\"fcbkbttn_buttons_block\" id=\"fcbkbttn_left\"><div class=\"fb-share-button  \" data-href=\"https:\/\/www.emu-france.com\/?p=13855\" data-type=\"button_count\" data-size=\"small\"><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Ca devait arriver&#8230; Deux failles ont \u00e9t\u00e9 d\u00e9couvertes dans l&rsquo;\u00e9mulateur \u00ab\u00a0tr\u00e8s en vogue\u00a0\u00bb Bochs. L&rsquo;une d&rsquo;elle se situe au niveau de l&rsquo;\u00e9mulation de la carte r\u00e9seau virtuelle : \u00ab\u00a0Le premier probl\u00e8me r\u00e9sulte d&rsquo;un d\u00e9bordement d&rsquo;entier pr\u00e9sent au niveau du p\u00e9riph\u00e9rique &#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[],"tags":[],"class_list":["post-13855","post","type-post","status-publish","format-standard","hentry","uentry","postonpage-1","odd","post-author-Eric_Aw"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/sKi2R-","jetpack_likes_enabled":false,"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.emu-france.com\/index.php?rest_route=\/wp\/v2\/posts\/13855","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.emu-france.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.emu-france.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.emu-france.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.emu-france.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13855"}],"version-history":[{"count":0,"href":"https:\/\/www.emu-france.com\/index.php?rest_route=\/wp\/v2\/posts\/13855\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.emu-france.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13855"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.emu-france.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13855"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.emu-france.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13855"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}