From owner-freebsd-ports@FreeBSD.ORG Thu Jan 3 21:23:25 2008 Return-Path: Delivered-To: ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 238DD16A417 for ; Thu, 3 Jan 2008 21:23:25 +0000 (UTC) (envelope-from rusmufti@helpdesk.bera.rus.uni-stuttgart.de) Received: from charybdis.rus.uni-stuttgart.de (charybdis.rus.uni-stuttgart.de [129.69.1.58]) by mx1.freebsd.org (Postfix) with ESMTP id D2EDA13C461 for ; Thu, 3 Jan 2008 21:23:24 +0000 (UTC) (envelope-from rusmufti@helpdesk.bera.rus.uni-stuttgart.de) Received: from localhost (localhost [127.0.0.1]) by charybdis.rus.uni-stuttgart.de (Postfix) with ESMTP id 0EB8936272C; Thu, 3 Jan 2008 21:58:28 +0100 (CET) X-Virus-Scanned: by amavisd-new at charybdis.rus.uni-stuttgart.de X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char C3 hex): Cc: ...n@mandriva.com, fundawang\303@mandriva.com,\n[...] X-Spam-Flag: NO X-Spam-Score: -2.598 X-Spam-Level: X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NORMAL_HTTP_TO_IP=0.001] Received: from charybdis.rus.uni-stuttgart.de ([127.0.0.1]) by localhost (charybdis.rus.uni-stuttgart.de [127.0.0.1]) (amavisd-new, port 10024) with LMTP id Yk1FRB+KEdWb; Thu, 3 Jan 2008 21:58:27 +0100 (CET) Received: from helpdesk.bera.rus.uni-stuttgart.de (helpdesk.bera.rus.uni-stuttgart.de [129.69.221.120]) by charybdis.rus.uni-stuttgart.de (Postfix) with ESMTP id 56F1A3638BD; Thu, 3 Jan 2008 21:57:53 +0100 (CET) Received: from rusmufti by helpdesk.bera.rus.uni-stuttgart.de with local (Exim 4.61) (envelope-from ) id 1JAX8L-0006at-Fi; Thu, 03 Jan 2008 21:57:45 +0100 Date: Thu, 3 Jan 2008 21:57:45 +0100 To: ports@freebsd.org Message-ID: <20080103205745.GA13555@helpdesk.bera.rus.uni-stuttgart.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.11+cvs20060403 From: Joerg Scheurich aka MUFTI Cc: rzr@users.sf.net, Axel.Thi@ATrpms.net, awilliamson@mandriva.com, dag@wieers.com, fundawangĂ@mandriva.com, dries@ulyssis.org Subject: white_dune security problems X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jan 2008 21:23:25 -0000 Hi ! There are a buffer overflow and a format string error, all versions of white_dune older than 0.29beta795 and 0.28pl13 should not be used. This also includes dune-0.13 (white_dune is a fork of dune-0.13). Unfortunatly, the security problems are located in errormessage routines, so it is rather simple to build a exploit 8-( Versions currently available without this problems are http://129.69.35.12/dune/white_dune-0.29beta796.tar.gz for the development version and http://129.69.35.12/dune/white_dune-0.28pl13.tar.gz for the stable version. The major difference between the development and the stable tree is: - the development version contains much more features and bugfixes - the user documentation of the development version and the stable version is almost idenitical 8-( see also http://www.securityfocus.com/archive/1/485724 so long MUFTI -- "Self-destruct in 5 seconds. Have a nice day...\n"); from /usr/src/linux/fs/super.c