Unidata - To provide the data services, tools, and cyberinfrastructure leadership that advance Earth system science, enhance educational opportunities, and broaden participation.

[netCDF #BDF-181549]: security vulnerability checking



> The CDF library (cdf.gsfc.nasa.gov) has been updated to close a
> possible buffer overflow security vulnerability on reads. Have the
> netCDF code bases been checked for similar security holes? What
> security reviews have you performed? Recommended packages to use? We
> have taken the format translation service
> (cdf.gsfc.nasa.gov/html/dtws.html) offline for safety, and would like
> to update it soon with safer codes (CDF, HDF, netCDF, FITS). Thanx
>
> Robert Candey, Head of CDF project
> --
> Robert.M.Candey@xxxxxxxx           1-301-286-6707
> NASA Goddard Space Flight Center, Code 672
> Greenbelt MD 20771 USA
>
> The contents of this message are mine personally and do not reflect any
> position of the US Government or NASA.
>
>

Howdy Robert!

As far as I know, the netcdf code base has never been scanned for such security
holes, but my co-worker Russ will correct me if I am wrong there.

Since it is free source, of course such a review could be done by anyone.
Unfortunately I am unaware of what such a security review should look for.

Did you do such a review for the CDF library? Did you do it yourself or did
some outside group do it? Any information about your process would be most
welcome.

Thanks,

Ed

Ticket Details
===================
Ticket ID: BDF-181549
Department: Support netCDF
Priority: Normal
Status: Closed

