Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19846
HistoryMay 14, 2008 - 12:00 a.m.

[ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code

2008-05-1400:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gentoo Linux Security Advisory GLSA 200805-14

                                        http://security.gentoo.org/

Severity: Normal
Title: Common Data Format library: User-assisted execution of
arbitrary code
Date: May 13, 2008
Bugs: #220391
ID: 200805-14

Synopsis

A buffer overflow vulnerability has been discovered in the Common Data
Format library.

Background

The Common Data Format library is a scientific data management package
which allows programmers and application developers to manage and
manipulate scalar, vector, and multi-dimensional data arrays in a
platform independent fashion.

Affected packages

-------------------------------------------------------------------
 Package       /  Vulnerable  /                         Unaffected
-------------------------------------------------------------------

1 sci-libs/cdf < 3.2.1 >= 3.2.1

Description

Alfredo Ortega (Core Security Technologies) reported a boundary error
within the Read32s_64() function when processing CDF files.

Impact

A remote attacker could entice a user to open a specially crafted CDF
file, possibly resulting in the remote execution of arbitrary code with
the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Common Data Format library users should upgrade to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=sci-libs/cdf-3.2.1&quot;

References

[ 1 ] CVE-2008-2080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2080

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200805-14.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIKfxTuhJ+ozIKI5gRAig8AJ4oVA3e+iZz1hPKdrRsQhv4UHq+cwCfSLKA
kSBtB5lfEsFAI+SnQzEHRdA=
=p8vP
-----END PGP SIGNATURE-----

Related

nessus 2
openvas 4
freebsd 1
seebug 1
coresecurity 1
cve 1
packetstorm 1
prion 1
securityvulns 1
gentoo 1
nessus
nessus
GLSA-200805-14 : Common Data Format library: User-assisted execution of arbitrary code
2008-05-16 00:00:00
FreeBSD : cdf3 -- Buffer overflow vulnerability (c4f31e16-6e33-11dd-8eb7-0011098ad87f)
2008-08-20 00:00:00
openvas
openvas
FreeBSD Ports: cdf3
2008-09-04 00:00:00
FreeBSD Ports: cdf3
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200805-14 (cdf)
2008-09-24 00:00:00
freebsd
freebsd
cdf3 -- Buffer overflow vulnerability
2008-05-15 00:00:00
seebug
seebug
CDF库src/lib/cdfread64.c文件栈溢出漏洞
2008-05-07 00:00:00
coresecurity
coresecurity
NASA's Common Data Format Buffer Overflow
2008-05-05 00:00:00
cve
cve
CVE-2008-2080
2008-05-06 15:20:00
packetstorm
packetstorm
Core Security Technologies Advisory 2008.0326
2008-05-05 00:00:00
prion
prion
Stack overflow
2008-05-06 15:20:00
securityvulns
securityvulns
Common Data Format library buffer overflow
2008-05-14 00:00:00
gentoo
gentoo
Common Data Format library: User-assisted execution of arbitrary code
2008-05-13 00:00:00
JSON
Related for SECURITYVULNS:DOC:19846
nessus2openvas4freebsd1seebug1coresecurity1cve1packetstorm1prion1securityvulns1gentoo1