white_dune security problems
Joerg Scheurich aka MUFTI
rusmufti at helpdesk.bera.rus.uni-stuttgart.de
Thu Jan 3 13:23:25 PST 2008
Hi !
There are a buffer overflow and a format string error; all versions of
white_dune older than 0.29beta795 and 0.28pl13 should not be used.
This also includes dune-0.13 (white_dune is a fork of dune-0.13).
Unfortunately, the security problems are located in error message routines,
so it is rather simple to build an exploit 8-(
Versions currently available without these problems are
http://129.69.35.12/dune/white_dune-0.29beta796.tar.gz
for the development version and
http://129.69.35.12/dune/white_dune-0.28pl13.tar.gz
for the stable version.
The major difference between the development and the stable tree is:
- the development version contains many more features and bugfixes
- the user documentation of the development version and the stable version
is almost identical 8-(
see also
http://www.securityfocus.com/archive/1/485724
so long
MUFTI
--
"Self-destruct in 5 seconds. Have a nice day...\n");
from /usr/src/linux/fs/super.c