[netCDF #BDF-181549]: security vulnerability checking



> The CDF library (cdf.gsfc.nasa.gov) has been updated to close a
> possible buffer overflow security vulnerability on reads. Have the
> netCDF code bases been checked for similar security holes? What
> security reviews have you performed? Recommended packages to use? We
> have taken the format translation service
> (cdf.gsfc.nasa.gov/html/dtws.html) offline for safety, and would like
> to update it soon with safer codes (CDF, HDF, netCDF, FITS). Thanx
>
> Robert Candey, Head of CDF project
> --
> address@hidden           1-301-286-6707
> NASA Goddard Space Flight Center, Code 672
> Greenbelt MD 20771 USA
>
> The contents of this message are mine personally and do not reflect any
> position of the US Government or NASA.
>
>

Howdy Robert!

As far as I know, the netcdf code base has never been scanned for such security
holes, but my co-worker Russ will correct me if I am wrong there.

Since it is free source, of course such a review could be done by anyone.
Unfortunately I am unaware of what such a security review should look for.

Did you do such a review for the CDF library? Did you do it yourself or did
some outside group do it? Any information about your process would be most
welcome.

Thanks,

Ed

Ticket Details
===================
Ticket ID: BDF-181549
Department: Support netCDF
Priority: Normal
Status: Closed