16-bit counter overflow == Comair debacle?


Posted Wednesday, December 29, 2004 12:12 PM by Nino

I saw this gem last night on the BugTraq list: http://www.securityfocus.com/archive/1/385571/2004-12-26/2005-01-01/0

There is also this link from the Cincinnati Post.

From the BugTraq posting in reference to the Cincy Post article:

“According to the article, Comair is running a 15-year old scheduling
software package from SBS International (www.sbsint.com).  The software has
a hard limit of 32,000 schedule changes per month.  With all of the bad
weather last week, Comair apparently hit this limit and then was unable to
assign pilots to planes.

It sounds like 16-bit integers are being used in the SBS International
scheduling software to identify transactions.  Given that the software is 15
years old, this design decision perhaps was made to save on memory usage.
In retrospect, 16-bit integers were probably not a good choice.”

Update: The Cincinnati Enquirer ran this piece on Sunday (January 2, 2005) as a follow-up.

 

-Nino
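
The hypothesis in the BugTraq posting, as an added example (not code from the original post or from SBS International): a signed 16-bit ID counter tops out at 32,767, and an unchecked increment wraps negative where a checked one fails explicitly. The `int16_t` ID type, the function names and the 40,000-change month are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: transaction ids are signed 16-bit, as the posting speculates. */
typedef enum { ID_OK, ID_EXHAUSTED } id_status;

/* Unchecked increment. Narrowing 32768 to int16_t is implementation-defined;
 * gcc and clang reduce modulo 2^16, so the id after 32767 is -32768. */
static int16_t next_id_unchecked(int16_t last) {
    return (int16_t)(last + 1);
}

/* Checked increment: refuses to hand out an id past INT16_MAX and leaves
 * *out untouched, so the caller sees a clear error instead of a bad id. */
static id_status next_id_checked(int16_t last, int16_t *out) {
    if (last == INT16_MAX)
        return ID_EXHAUSTED;
    *out = (int16_t)(last + 1);
    return ID_OK;
}

/* Record `changes` schedule changes in one month (constructed workload).
 * Returns how many got a positive id; counts ids that wrapped negative.
 * Past 65,535 changes the ids would also start repeating. */
static int record_unchecked(int changes, int *negative_ids) {
    int16_t id = 0;
    int valid = 0;
    *negative_ids = 0;
    for (int i = 0; i < changes; i++) {
        id = next_id_unchecked(id);
        if (id > 0) valid++; else (*negative_ids)++;
    }
    return valid;
}

/* Same workload with the checked allocator: excess changes are rejected. */
static int record_checked(int changes, int *rejected) {
    int16_t id = 0;
    int ok = 0;
    *rejected = 0;
    for (int i = 0; i < changes; i++) {
        if (next_id_checked(id, &id) == ID_OK) ok++; else (*rejected)++;
    }
    return ok;
}

int main(void) {
    int neg, rej;
    printf("unchecked: %d valid, %d negative ids\n", record_unchecked(40000, &neg), neg);
    printf("checked:   %d valid, %d rejected\n", record_checked(40000, &rej), rej);
    return 0;
}
```

Both variants stop producing usable IDs at the same point; the difference is that the checked one reports exhaustion at the moment it happens, which is what an operator needs in order to alert on it.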

Comments

. Thursday, January 20, 2005 11:19 PM

http://www.sec.com

Nino