Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2850

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-2850
Last Modified 21 Aug 2009 12:00:00
Published 18 Aug 2009 05:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2850

Summary

Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.

Vulnerable Systems

Application

  • Nasa Goddard Space Flight Center Common Data Format


References

CONFIRM - http://cdf.gsfc.nasa.gov/html/CDF_v330.html

BUGTRAQ - 20090721 [INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)

MLIST - [oss-security] 20090814 CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows

CONFIRM - http://cdf.gsfc.nasa.gov/html/CDF_changesnote2.html


Last Updated: 27 May 2016 10:51:02