FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

nut -- upsd can be remotely crashed

Affected packages
2.4.0 <= nut <= 2.6.3

Details

VuXML ID 47f13540-c4cb-4971-8dc6-28d0dabfd9cd
Discovery 2012-05-30
Entry 2012-05-30

Networkupstools project reports:

NUT server (upsd), from versions 2.4.0 to 2.6.3, are exposed to crashes when receiving random data from the network.

This issue is related to the way NUT parses characters, especially from the network. Non printable characters were missed from strings operation (such as strlen), but still copied to the buffer, causing an overflow.

References

CVE Name CVE-2012-2944
URL http://trac.networkupstools.org/projects/nut/changeset/3633
URL http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1027934.html