Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - Flaws in NASA Software (zdnet.com)

SecureThroughObscure writes: "The Core Security Team announced that it had discovered a stack overflow flaw in libs created by NASA. They submitted details to the Full-Disclosure mailing list, but the highlights of this have been posted by Nate McFeters on the ZDNet Zero-Day security blog. From the CORE advisory: *Vulnerability Description* CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused due to the CDF ('src/lib/cdfread64.c') library not properly sanitizing the length tags on a CDF file before using it to copy data on a stack buffer. This can be exploited to get arbitrary code execution by opening a specially crafted file."
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Flaws in NASA Software

Comments Filter:

"No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one." -- Adrian Veidt/Ozymandias, WATCHMEN

Working...