CVE-2012-2944

Publication date 30 May 2012

Last updated 24 July 2024

Ubuntu priority

Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nut	12.04 LTS precise	Fixed 2.6.3-1ubuntu1.1
	11.10 oneiric	Fixed 2.6.1-2ubuntu2.1
	11.04 natty	Fixed 2.6.0-1ubuntu3.1
	10.04 LTS lucid	Fixed 2.4.3-1ubuntu3.2
	8.04 LTS hardy	Not affected

Notes

jdstrand

per upstream, only 2.4 and higher are affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nut	Upstream: http://trac.networkupstools.org/projects/nut/changeset/3633

CVE-2012-2944

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references