white_dune security problems

Joerg Scheurich aka MUFTI rusmufti at helpdesk.bera.rus.uni-stuttgart.de
Thu Jan 3 13:23:25 PST 2008


Hi !

There is a buffer overflow and a format string error; all versions of
white_dune older than 0.29beta795 and 0.28pl13 should not be used.
This also includes dune-0.13 (white_dune is a fork of dune-0.13).
Unfortunately, the security problems are located in error message routines,
so it is rather simple to build an exploit 8-(


Versions currently available without these problems are

http://129.69.35.12/dune/white_dune-0.29beta796.tar.gz

for the development version and

http://129.69.35.12/dune/white_dune-0.28pl13.tar.gz

for the stable version.


The major difference between the development and the stable tree is:

- the development version contains many more features and bugfixes

- the user documentation of the development version and the stable version
  is almost identical 8-(

See also

http://www.securityfocus.com/archive/1/485724

so long
MUFTI
--
                     "Self-destruct in 5 seconds.  Have a nice day...\n");
                                          from /usr/src/linux/fs/super.c
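
Added example, not part of the original post and not white_dune's code: a hardened error-message routine in C covering the two bug classes named above (unbounded copy into a message buffer, and untrusted text used as a format string). The function names, the buffer size and the sample inputs are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ERR_BUF 64 /* hypothetical fixed message buffer size */

#if defined(__GNUC__) /* lets -Wformat check callers' format/argument pairs */
#define PRINTF_LIKE(f, a) __attribute__((format(printf, f, a)))
#else
#define PRINTF_LIKE(f, a)
#endif

/* Risky patterns this replaces (comments only):
 *   sprintf(buf, "parse error near %s", token);   unbounded copy
 *   fprintf(stderr, buf);                          data used as format
 */

/* Format into out[cap], always NUL-terminated.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
PRINTF_LIKE(3, 4)
int format_error(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap); /* never writes past cap */
    va_end(ap);
    if (n < 0) { if (cap) out[0] = '\0'; return -1; }
    return (size_t)n >= cap ? 1 : 0;
}

/* Report an error about untrusted text taken from an input file. */
int report_parse_error(char *out, size_t cap, const char *untrusted)
{
    /* Constant format string; the untrusted text is only an argument. */
    int rc = format_error(out, cap, "parse error near \"%s\"", untrusted);
    fputs(out, stderr); /* fputs does not interpret '%' */
    fputc('\n', stderr);
    return rc;
}

int main(void)
{
    char buf[ERR_BUF], long_token[512];
    memset(long_token, 'A', sizeof long_token - 1);
    long_token[sizeof long_token - 1] = '\0';
    report_parse_error(buf, sizeof buf, "node%d %s"); /* printed literally */
    report_parse_error(buf, sizeof buf, long_token);  /* truncated, no overflow */
    return 0;
}
```

Building with -Wall -Wformat-security additionally flags call sites that pass a non-literal string as the format argument.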