Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Flaws in NASA Software->

SecureThroughObscure writes: "The Core Security Team announced that it had discovered a stack overflow flaw in libs created by NASA. They submitted details to the Full-Disclosure mailing list, but the highlights of this have been posted by Nate McFeters on the ZDNet Zero-Day security blog. From the CORE advisory: *Vulnerability Description* CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused due to the CDF ('src/lib/cdfread64.c') library not properly sanitizing the length tags on a CDF file before using it to copy data on a stack buffer. This can be exploited to get arbitrary code execution by opening a specially crafted file."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaws in NASA Software

Comments Filter:

Work expands to fill the time available. -- Cyril Northcote Parkinson, "The Economist", 1955