Release date:
Updated on:
Affected Systems:
Cisco Unified IP Phone 7971G
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7960G
Cisco Unified IP Phone 7960
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7940G
Cisco Unified IP Phone 7940
Cisco Unified IP Phone 7936
Cisco Unified IP Phone 7935
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7906G
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57090
CVE (CAN) ID: CVE-2012-5445
The Cisco Unified IP Phone 7900 Series is a line of communication devices for converged voice and data networks.
The Cisco Native Unix (CNU) kernel on Cisco Unified IP Phone 7900 Series devices does not properly validate syscall parameters. By constructing a specially crafted binary file in user mode, an attacker can exploit this vulnerability to execute arbitrary code or crash the operating system.
<* Source: Ang Cui from Columbia University.
Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5445
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cisco
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.cisco.com/cisco/web/support/index.html#~Shp_product