oss-sec mailing list archives

Re: CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows


From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 18 Aug 2009 16:47:57 -0400 (EDT)


On Fri, 14 Aug 2009, Alex Legler wrote:

> can I please get a CVE for this:
>
> http://www.infigo.hr/en/in_focus/advisories/INFIGO-2009-07-09
> http://www.securityfocus.com/bid/35754
> http://cdf.gsfc.nasa.gov/html/CDF_changesnote2.html


Due to lack of relevant details from the researcher, it's unclear whether
vectors 2 through 4 are also array index errors, although it's implied
somewhat.  Arguably this could have been split into 2 separate CVEs.

======================================================
Name: CVE-2009-2850
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2850
Reference: BUGTRAQ:20090721 [INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)
Reference: URL:http://www.securityfocus.com/archive/1/505123/30/0/threaded
Reference: MLIST:[oss-security] 20090814 CVE request: Common Data Format (CDF) library multiple heap-based buffer overflows
Reference: URL:http://www.openwall.com/lists/oss-security/2009/08/14/3
Reference: CONFIRM:http://cdf.gsfc.nasa.gov/html/CDF_changesnote2.html
Reference: CONFIRM:http://cdf.gsfc.nasa.gov/html/CDF_v330.html

Multiple buffer overflows in NASA Common Data Format (CDF) allow
context-dependent attackers to execute arbitrary code, as demonstrated
using (1) an array index error in the ReadAEDRList64 function, and
other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4)
CDFsel64, and other unspecified functions.

