IPB
X   Site Message
(Message will auto close in 2 seconds)

Welcome Guest ( Log In | Register )

CDF software library security vulnerability, NASA software in "bug" shock!
imipak
post May 6 2008, 07:54 PM
Post #1


Member
***

Group: Members
Posts: 646
Joined: 23-December 05
From: Forest of Dean
Member No.: 617
Apologies if this is the wrong place (thread or site) to post this; delete away if so of course...

When I came across this at work, my first thought was "crumbs, what an obscure piece of software, who on earth could have a use for such a thing outside NASA?"; the second second was "...UMSF!"

So, there's a security vulnerability in the CDF library, which is apparently used in plenty of places outside NASA smile.gif An attacker would have to trick the victim into opening an evil CDF data file of some sort, e.g. by masquerading as a trusted source.

QUOTE
"CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. [...] The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels.

The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. [...]


There's a NASA advisory & fixed version here:
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html


--------------------
--
Viva software libre!
Go to the top of the page
 
+Quote Post

Posts in this topic
- imipak   CDF software library security vulnerability   May 6 2008, 07:54 PM

« Next Oldest · Chit Chat · Next Newest »
 

Reply to this topicStart new topic

 

Display Mode: Switch to: Standard · Switch to: Linear+ · Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

RSS Lo-Fi Version Time is now: 17th December 2024 - 02:09 AM
Powered By IP.Board © 2024  IPS, Inc.
RULES AND GUIDELINES
Please read the Forum Rules and Guidelines before posting.

IMAGE COPYRIGHT
Images posted on UnmannedSpaceflight.com may be copyrighted. Do not reproduce without permission. Read here for further information on space images and copyright.

 OPINIONS AND MODERATION
Opinions expressed on UnmannedSpaceflight.com are those of the individual posters and do not necessarily reflect the opinions of UnmannedSpaceflight.com or The Planetary Society. The all-volunteer UnmannedSpaceflight.com moderation team is wholly independent of The Planetary Society. The Planetary Society has no influence over decisions made by the UnmannedSpaceflight.com moderators.		 SUPPORT THE FORUM
Unmannedspaceflight.com is funded by the Planetary Society. Please consider supporting our work and many other projects by donating to the Society or becoming a member.