LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: November 21st, 2014
Linux Security Week: November 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: 2012:087: nut Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability has been discovered and corrected in nut: Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power [More...]
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:087
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : nut
 Date    : June 5, 2012
 Affected: 2010.1, 2011., Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in nut:
 
 Buffer overflow in the addchar function in common/parseconf.c in upsd
 in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to
 execute arbitrary code or cause a denial of service (electric-power
 outage) via a long string containing non-printable characters
 (CVE-2012-2944).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2944
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 8cbd141752ce14533a5bc1d15864c9c5  2010.1/i586/libupsclient1-2.4.3-3.1mdv2010.2.i586.rpm
 5f13bd68571684bb782452e4a94918f7  2010.1/i586/nut-2.4.3-3.1mdv2010.2.i586.rpm
 96929f5e6c561ec3c889bab305e0678e  2010.1/i586/nut-cgi-2.4.3-3.1mdv2010.2.i586.rpm
 da4abba96a5ea4b4acd1cff90d24a847  2010.1/i586/nut-devel-2.4.3-3.1mdv2010.2.i586.rpm
 f3f01ce23d67b4ad9c73be0f72d45843  2010.1/i586/nut-drivers-hal-2.4.3-3.1mdv2010.2.i586.rpm
 8844d3e280f4d63da440a574380f0c4c  2010.1/i586/nut-server-2.4.3-3.1mdv2010.2.i586.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 1da8715f71ab61e4350ea6bc12b556ad  2010.1/x86_64/lib64upsclient1-2.4.3-3.1mdv2010.2.x86_64.rpm
 90a537da06e96771c41b29104fd18ba8  2010.1/x86_64/nut-2.4.3-3.1mdv2010.2.x86_64.rpm
 4f720efbaaccdf8fff50861bf4fb2f12  2010.1/x86_64/nut-cgi-2.4.3-3.1mdv2010.2.x86_64.rpm
 16e2dbedba405bc3d72348647c1593cd  2010.1/x86_64/nut-devel-2.4.3-3.1mdv2010.2.x86_64.rpm
 687c05b4549e0997525126021a35997c  2010.1/x86_64/nut-drivers-hal-2.4.3-3.1mdv2010.2.x86_64.rpm
 fbd32d6e4403bfc781b2efcfeb634038  2010.1/x86_64/nut-server-2.4.3-3.1mdv2010.2.x86_64.rpm 
 cda44549f345e3144d53ff52275c9b95  2010.1/SRPMS/nut-2.4.3-3.1mdv2010.2.src.rpm

 Mandriva Linux 2011:
 762144bcc4db108ee2c876dfb3accebb  2011/i586/libupsclient1-2.6.1-1.1-mdv2011.0.i586.rpm
 b7859b2b9a9d5acd548abb212e5c2406  2011/i586/nut-2.6.1-1.1-mdv2011.0.i586.rpm
 51e2ec4f45b3510fee4834f83b3b77b0  2011/i586/nut-cgi-2.6.1-1.1-mdv2011.0.i586.rpm
 b840cf511a37b306c070f990fb213127  2011/i586/nut-devel-2.6.1-1.1-mdv2011.0.i586.rpm
 57f9d8d1de442865464ad2cd17fd0df9  2011/i586/nut-drivers-hal-2.6.1-1.1-mdv2011.0.i586.rpm
 503f841ba7e64f30bf6101bbb7419ea3  2011/i586/nut-server-2.6.1-1.1-mdv2011.0.i586.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

 Mandriva Linux 2011/X86_64:
 ee6f90720c49111e6fa7a607b1145155  2011/x86_64/lib64upsclient1-2.6.1-1.1-mdv2011.0.x86_64.rpm
 f1857b0d0233eef29733fbc62774ecc5  2011/x86_64/nut-2.6.1-1.1-mdv2011.0.x86_64.rpm
 ebb6ae30d8143116b220e3feac15ef5f  2011/x86_64/nut-cgi-2.6.1-1.1-mdv2011.0.x86_64.rpm
 41ff265fd1e0c07eb99a0b26c2769054  2011/x86_64/nut-devel-2.6.1-1.1-mdv2011.0.x86_64.rpm
 571c5156b67adceae535366dbff546e3  2011/x86_64/nut-drivers-hal-2.6.1-1.1-mdv2011.0.x86_64.rpm
 a48526362c08d594c863fedaaeae7191  2011/x86_64/nut-server-2.6.1-1.1-mdv2011.0.x86_64.rpm 
 e58899886557fd47a5e408dab9830fd9  2011/SRPMS/nut-2.6.1-1.1.src.rpm

 Mandriva Enterprise Server 5:
 ef980671bc85dac89b46dad2a2e1b14a  mes5/i586/libupsclient1-2.2.2-5.1mdvmes5.2.i586.rpm
 d73eb5d8d367a8cec458ae8a1a61c96a  mes5/i586/nut-2.2.2-5.1mdvmes5.2.i586.rpm
 efa798b935af4bf96376e6106fb1f781  mes5/i586/nut-cgi-2.2.2-5.1mdvmes5.2.i586.rpm
 c25a2604afa95af813053a1815c5a646  mes5/i586/nut-devel-2.2.2-5.1mdvmes5.2.i586.rpm
 24863f77e389d32f840e6851eb36012a  mes5/i586/nut-drivers-hal-2.2.2-5.1mdvmes5.2.i586.rpm
 c1067cb506937f6dbecdb226fca2c81a  mes5/i586/nut-server-2.2.2-5.1mdvmes5.2.i586.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 b4952c0ffba50afb28e4b435d9deb8aa  mes5/x86_64/lib64upsclient1-2.2.2-5.1mdvmes5.2.x86_64.rpm
 55949a3a2b812b12f4a98ed6dc790b5f  mes5/x86_64/nut-2.2.2-5.1mdvmes5.2.x86_64.rpm
 15f24161ebdc01d3c4b219d61cf6b1a7  mes5/x86_64/nut-cgi-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b28c19b992b16bb4c140e1ae1647822b  mes5/x86_64/nut-devel-2.2.2-5.1mdvmes5.2.x86_64.rpm
 b06cf19cc277f57d40ac7140b8382017  mes5/x86_64/nut-drivers-hal-2.2.2-5.1mdvmes5.2.x86_64.rpm
 a3457f27ee58238a82dfce9881dd89bd  mes5/x86_64/nut-server-2.2.2-5.1mdvmes5.2.x86_64.rpm 
 672bc92d6c31a7213af82a886a4332b1  mes5/SRPMS/nut-2.2.2-5.1mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.