
May 5th, 2008

Hacking NASA: One small step for man, one giant leap for hackers?

Posted by Nathan McFeters @ 11:52 am

Categories: Arbitrary Code Execution, Exploit code, Governments, Responsible disclosure, United States of America, Zero-day attacks

Tags: Nathan McFeters

The CORE Security Team released an advisory to the Full-Disclosure mailing list today that documented a stack overflow in NASA’s Common Data Format libs.

Looking at this bug, the tech details aren’t overwhelming, I think I’m mostly excited about it due to the high profile of hacking NASA libs.  One can hardly fault NASA though, I mean, our government can’t even get them enough money to do some real space exploration, it’s hard to fault them for missing some security issues.

I’ll leave the technical details to CORE’s advisory, as they have a great description:

The libraries for the scientific data file format, Common Data Format (CDF) http://cdf.gsfc.nasa.gov/ version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted (invalid) CDF files. If successful, this could trigger execution of arbitrary code within the context of the CDF-reading program that could be exploited to compromise a system, or otherwise crash the program. While it’s unlikely that you would open CDFs from untrusted sources, we recommend everyone upgrade to the latest CDF libraries on their systems, including the IDL and Matlab plugins. Most worrisome is any service that enables the general public to submit CDF files for processing.

The vulnerability is in the CDF library routines not properly checking the length tags on a CDF file before copying data to a stack buffer. Exploitation requires the user to explicitly open a specially-crafted file. CDF users should not open files from untrusted third parties until the patch is applied (and continue then to exercise normal caution for files from untrusted third parties).

CDF 3.2.1 addresses this vulnerability and introduces further usability fixes http://cdf.gsfc.nasa.gov/. Updates for Perl, IDL, Matlab and Java WebStart are also available. Java WebStart applications that refer to http://sscweb.gsfc.nasa.gov/skteditor/cdf/cdf-latest.jnlp, will automatically be updated to include this fix the next time the application is started while connected to the Internet.

…Exploitation of the CDF overflow problem requires the user to explicitly open a specially crafted file. The user should refrain from opening files from untrusted third parties or accessing untrusted Web sites until the patch is applied.

Wow, what can I say, great work by the CORE team, on an interesting target.

-Nate
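
The length-tag check the quoted advisory describes, as an added example that is not code from CORE's advisory or NASA's CDF library. The record layout (a 4-byte big-endian length tag followed by a name), `NAME_CAP`, and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define NAME_CAP 64 /* hypothetical fixed-size field, not a real CDF constant */
enum { REC_OK = 0, REC_TRUNCATED = -1, REC_TOO_LONG = -2 };
/* Constructed samples. Assumed layout (NOT the real CDF format):
 * 4-byte big-endian length tag, then that many bytes of name. */
static const uint8_t SAMPLE_OK[] = {0, 0, 0, 3, 'E', 'p', 'o'};
static const uint8_t SAMPLE_BAD_TAG[] = {0, 0, 1, 0, 'A', 'A', 'A', 'A'};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The length tag is untrusted input: check it against the bytes actually
 * present and against the destination capacity before copying anything. */
int read_name_checked(const uint8_t *file, size_t file_len,
                      char *out, size_t out_cap)
{
    if (file_len < 4)
        return REC_TRUNCATED;
    uint32_t tag = read_be32(file);
    if (tag > file_len - 4)
        return REC_TRUNCATED;   /* tag claims more data than the file holds */
    if (out_cap == 0 || tag > out_cap - 1)
        return REC_TOO_LONG;    /* would not fit with its NUL terminator */
    memcpy(out, file + 4, tag); /* without the checks, this overruns out */
    out[tag] = '\0';
    return REC_OK;
}

/* Caller that parses into a stack buffer, the situation the advisory describes. */
int parse_record(const uint8_t *file, size_t file_len, size_t *name_len)
{
    char name[NAME_CAP];
    int rc = read_name_checked(file, file_len, name, sizeof name);
    if (rc == REC_OK)
        *name_len = strlen(name);
    return rc;
}

int main(void)
{
    size_t n = 0;
    return !(parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &n) == REC_OK && n == 3 &&
             parse_record(SAMPLE_BAD_TAG, sizeof SAMPLE_BAD_TAG, &n) == REC_TRUNCATED);
}
```

A file whose tag exceeds the field size is rejected with `REC_TOO_LONG` instead of being copied, which is the check whose absence the advisory identifies.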

Nathan McFeters

Nathan McFeters is a Senior Security Advisor for Ernst & Young's Advanced Security Center in Chicago. The views and opinions expressed in this article are his own and do not represent the views and opinions of Ernst & Young Advanced Security Center or Ernst & Young, LLP. Nathan has performed web application, deep source code, Internet, Intranet, wireless, dial-up, and social engineering engagements for numerous clients in the Fortune 500 during his career at Ernst & Young and has spoken at a number of prestigious conferences, including Black Hat, DEFCON, ToorCon, and Hack in the Box. He can be found at his Pwn* blog and XS-Sniper, a blog with Billy Rios. See his full profile and disclosure of his industry affiliations.
