发布日期:2012-12-27
更新日期:2013-01-05
受影响系统:
Cisco Unified IP Phone 7971G
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7960G
Cisco Unified IP Phone 7960
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7940G
Cisco Unified IP Phone 7940
Cisco Unified IP Phone 7936
Cisco Unified IP Phone 7935
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7906G
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57090
CVE(CAN) ID: CVE-2012-5445
Cisco Unified IP Phones 7900 Series结合了语音和数据融合网络的通信设备。
Cisco Unified IP Phone 7900系列设备Cisco Native Unix (CNU)内核没有正确验证系统调用(syscall)的参数,通过在用户态下构造特制的二进制文件,攻击者可利用此漏洞以内核权限执行任意代码或造成操作系统崩溃。
<*来源:Ang Cui from Columbia University.
链接:?vulnId=CVE-2012-5445
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: