Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Security

+ - Flaws in NASA Software->

Submitted by
SecureThroughObscure
SecureThroughObscure writes "The Core Security Team announced that it had discovered a stack overflow flaw in libs created by NASA. They submitted details to the Full-Disclosure mailing list, but the highlights of this have been posted by Nate McFeters on the ZDNet Zero-Day security blog. From the CORE advisory: *Vulnerability Description* CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused due to the CDF ('src/lib/cdfread64.c') library not properly sanitizing the length tags on a CDF file before using it to copy data on a stack buffer. This can be exploited to get arbitrary code execution by opening a specially crafted file."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaws in NASA Software

Comments Filter:

Whom computers would destroy, they must first drive mad.

Working...