PT-2012-1049 · Network Ups Tools+1 · Network Ups Tools+1

Sebastian Pohle

Published

2012-06-01

Updated

2024-06-15

CVE-2012-2944

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Network UPS Tools (NUT) versions prior to 2.6.4 nut versions prior to 2.6.3

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. A buffer overflow in the addchar function in common/parseconf.c in upsd allows remote attackers to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 2.6.4, update to version 2.6.4 or later to resolve the issue. For versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the addchar function in common/parseconf.c to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-03319

BDU:2015-09674

CVE-2012-2944

DSA-2484-1

OPENSUSE-SU-2024:10009-1

SUSE-SU-2012_1077-1

SUSE-SU-2012_1077-2

Affected Products

Network Ups Tools

Suse

PT-2012-1049 · Network Ups Tools+1 · Network Ups Tools+1

CVE-2012-2944

Weakness Enumeration

Related Identifiers

Affected Products

References · 29