Bug 826489 (CVE-2012-2944)

Summary: CVE-2012-2944 nut: Heap-based buffer overflow due to improper processing of non-printable characters in random network data
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED UPSTREAM
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: jrusnack, mhlavink, security-response-team
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-06-10 10:58:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 826933, 826934
Bug Blocks:

Description Jan Lieskovsky 2012-05-30 10:46:59 UTC
A heap-based buffer overflow flaw was found in the way the upsd server of NUT, a network UPS tools suite, processed non-printable characters present in data received from the network. A remote attacker could provide a specially crafted packet that, when processed by the upsd server, would lead to a crash of the upsd executable or, potentially, arbitrary code execution with the privileges of the user running upsd.

References:
[1] http://trac.networkupstools.org/projects/nut/changeset/3633
[2] https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542

Comment 5 Jan Lieskovsky 2012-05-31 09:18:22 UTC
Public via:
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=675203

Comment 6 Jan Lieskovsky 2012-05-31 09:20:21 UTC
Created nut tracking bugs for this issue

Affects: fedora-all [bug 826933]
Affects: epel-all [bug 826934]

Comment 7 Fedora Update System 2012-06-15 00:19:42 UTC
nut-2.6.3-4.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2012-06-15 00:25:15 UTC
nut-2.6.3-4.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2012-06-15 00:33:40 UTC
nut-2.6.3-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2012-06-19 17:03:19 UTC
nut-2.2.2-3.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-06-19 17:04:44 UTC
nut-2.6.3-4.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Product Security DevOps Team 2019-06-10 10:58:42 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.