CVE-2012-2944
Published: 30 May 2012
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
Notes
Author | Note |
---|---|
jdstrand | per upstream, only 2.4 and higher are affected |
Priority
Status
Package | Release | Status |
---|---|---|
nut Launchpad, Ubuntu, Debian |
hardy |
Not vulnerable
(2.2.1-2.1ubuntu7.2)
|
lucid |
Released
(2.4.3-1ubuntu3.2)
|
|
natty |
Released
(2.6.0-1ubuntu3.1)
|
|
oneiric |
Released
(2.6.1-2ubuntu2.1)
|
|
precise |
Released
(2.6.3-1ubuntu1.1)
|
|
upstream |
Needs triage
(2.6.4)
|
|
Patches: upstream: http://trac.networkupstools.org/projects/nut/changeset/3633 |