white_dune security problems

Joerg Scheurich aka MUFTI rusmufti at helpdesk.bera.rus.uni-stuttgart.de
Thu Jan 3 13:23:25 PST 2008

Hi !

There are a buffer overflow and a format string error, all versions of
white_dune older than 0.29beta795 and 0.28pl13 should not be used.
This also includes dune-0.13 (white_dune is a fork of dune-0.13).
Unfortunatly, the security problems are located in errormessage routines,  
so it is rather simple to build a exploit 8-(

Versions currently available without this problems are

for the development version and

for the stable version.

The major difference between the development and the stable tree is:

- the development version contains much more features and bugfixes

- the user documentation of the development version and the stable version
  is almost idenitical 8-( 

see also 


so long
                     "Self-destruct in 5 seconds.  Have a nice day...\n");
                                          from /usr/src/linux/fs/super.c

More information about the freebsd-ports mailing list