white_dune security problems
Joerg Scheurich aka MUFTI
rusmufti at helpdesk.bera.rus.uni-stuttgart.de
Thu Jan 3 13:23:25 PST 2008
There are a buffer overflow and a format string error, all versions of
white_dune older than 0.29beta795 and 0.28pl13 should not be used.
This also includes dune-0.13 (white_dune is a fork of dune-0.13).
Unfortunatly, the security problems are located in errormessage routines,
so it is rather simple to build a exploit 8-(
Versions currently available without this problems are
for the development version and
for the stable version.
The major difference between the development and the stable tree is:
- the development version contains much more features and bugfixes
- the user documentation of the development version and the stable version
is almost idenitical 8-(
"Self-destruct in 5 seconds. Have a nice day...\n");
More information about the freebsd-ports