
LDM Security Notices



xdr_array() vulnerability

The LDM might be vulnerable to an attack based on a particular implementation of the function xdr_array() in the XDR library. Information on this vulnerability may be found at http://www.cert.org/advisories/CA-2002-25.html.

The above link also contains information on fixing the vulnerability.

This vulnerability is mitigated by the following:

  1. Only sites that have ALLOW entries in your LDM configuration file can exploit this security hole.
  2. On UNIX systems (for which the LDM is designed) the remote LDM must be installed by the superuser to use the LDM's reserved port.

xdrmem_getbytes() vulnerability

The LDM might be vulnerable to an attack based on a particular implementation of the function xdrmem_getbytes() in the XDR library. Information on this vulnerability may be found at http://www.cert.org/advisories/CA-2003-10.html.

The above link also contains information on fixing the vulnerability.

This vulnerability is mitigated by the following:

  1. Only sites that have ALLOW entries in your LDM configuration file can exploit this security hole.
  2. On UNIX systems (for which the LDM is designed) the remote LDM must be installed by the superuser to use the LDM's reserved port.
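
Both notices rest on the same mitigation: only hosts matched by an ALLOW entry can reach the affected XDR code. The following is an added example, not part of the original notice or of the LDM distribution: a Python audit that flags ALLOW entries broad enough to match unrelated hosts. It assumes lines of the form `ALLOW feedtype hostname-pattern`, with the pattern treated as an unanchored regular expression (approximated here with Python's `re`); the sample configuration and probe names are constructed.

```python
import re

# Constructed sample of an LDM configuration file (not from the original page).
SAMPLE_CONF = """\
# constructed example entries
ALLOW\tANY\t^((localhost|loopback)|(127\\.0\\.0\\.1\\.?$))
ALLOW\tANY\t^upstream\\.site-a\\.example$
ALLOW\tIDS|DDPLUS\t.*
ALLOW\tNEXRAD\t\\.site-b\\.example$
REQUEST\tANY\t".*"\tfeed.site-a.example
"""

# Hypothetical probe names standing in for hosts that should never be allowed.
PROBES = ("host.unrelated.invalid", "203.0.113.77")


def allow_entries(conf_text):
    """Yield (line_no, feedtype, host_pattern) for every ALLOW line."""
    for n, line in enumerate(conf_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 3 and fields[0].upper() == "ALLOW":
            yield n, fields[1], fields[2]


def audit(conf_text, probes=PROBES):
    """Return ALLOW entries whose pattern matches a probe or cannot be parsed."""
    findings = []
    for n, feed, pattern in allow_entries(conf_text):
        try:
            rx = re.compile(pattern, re.IGNORECASE)
        except re.error:
            findings.append((n, feed, pattern, "unparseable pattern"))
            continue
        # search(), not fullmatch(): an unanchored pattern matches substrings.
        hits = [p for p in probes if rx.search(p)]
        if hits:
            findings.append((n, feed, pattern,
                             "matches unrelated host(s): " + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for n, feed, pattern, why in audit(SAMPLE_CONF):
        print(f"line {n}: ALLOW {feed} {pattern} -> {why}")
```

Entries it reports are the ones to tighten or remove while an unpatched XDR library is in use, since each widens the set of hosts the first mitigation depends on.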
 
 
 
Unidata is a member of the UCAR Community Programs, is managed by the University Corporation for Atmospheric Research, and is sponsored by the National Science Foundation.