This is not a NASA Website. You might learn something. It's YOUR space agency. Get involved. Take it back. Make it work - for YOU.
keithlcowing AT gmail.com | Voice +1.703.787.6567
Internet Policies

Hacking NASA

By Keith Cowing
NASA Watch
May 6, 2008

Hacking NASA: One small step for man, one giant leap for hackers?, ZD Net

“The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA’s Common Data Format libs. Looking at this bug, the tech details aren’t overwhelming, I think I’m mostly excited about it due to the high profile of hacking NASA libs. One can hardly fault NASA though, I mean, our government can’t even get them enough money to do some real space exploration, it’s hard to fault them for missing some security issues.”

Common Data Format (CDF) Version 3.2 and earlier Buffer Overflow Vulnerability

“The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted (invalid) CDF files. If successful, this could trigger execution of arbitrary code within the context of the CDF-reading program that could be exploited to compromise a system, or otherwise crash the program. While it’s unlikely that you would open CDFs from untrusted sources, we recommend everyone upgrade to the latest CDF libraries on their systems, including the IDL and Matlab plugins. Most worrisome is any service that enables the general public to submit CDF files for processing.”

Keith Cowing

NASA Watch founder, Explorers Club Fellow, ex-NASA, Away Teams, Journalist, Space & Astrobiology, Lapsed climber.

MORE FROM Internet Policies