发布日期:2012-12-27
更新日期:2013-01-05受影响系统:
Cisco Unified IP Phone 7971G
Cisco Unified IP Phone 7970G
Cisco Unified IP Phone 7961G
Cisco Unified IP Phone 7960G
Cisco Unified IP Phone 7960
Cisco Unified IP Phone 7941G
Cisco Unified IP Phone 7940G
Cisco Unified IP Phone 7940
Cisco Unified IP Phone 7936
Cisco Unified IP Phone 7935
Cisco Unified IP Phone 7911G
Cisco Unified IP Phone 7906G
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57090
CVE(CAN) ID: CVE-2012-5445
Cisco Unified IP Phones 7900 Series结合了语音和数据融合网络的通信设备。
Cisco Unified IP Phone 7900系列设备Cisco Native Unix (CNU)内核没有正确验证系统调用(syscall)的参数,通过在用户态下构造特制的二进制文件,攻击者可利用此漏洞以内核权限执行任意代码或造成操作系统崩溃。
<*来源:Ang Cui from Columbia University.
链接:http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5445
*>建议:
--------------------------------------------------------------------------------
厂商补丁:
Cisco
-----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.cisco.com/cisco/web/support/index.html#~shp_productGnuPG 远程内存破坏漏洞Opera Web Browser WebP图形信息泄露漏洞相关资讯 Cisco安全漏洞
- Cisco Prime Data Center Network (09/23/2013 05:34:39)
- Cisco WebEx ARF Player内存破坏漏 (09/06/2013 13:42:59)
- Cisco Unified Communications (08/23/2013 19:08:57)
| - Cisco Prime Data Center Network (09/22/2013 18:17:00)
- Cisco Secure Access Control (09/06/2013 13:42:31)
- Cisco VC220/VC240 Network (08/03/2013 14:33:33)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人
|
易网时代-编程资源站