Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2013.0065.2 Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability 18 January 2013 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco Unified IP Phones 7900 Series Publisher: Cisco Systems Operating System: Network Appliance Impact/Access: Root Compromise -- Existing Account Resolution: Mitigation CVE Names: CVE-2012-5445 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone Revision History: January 18 2013: An Engineering Special release made available to mitigate known attack vectors January 10 2013: Initial Release - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability Advisory ID: cisco-sa-20130109-uipphone Revision 1.1 Last Updated 2013 January 17 15:16 UTC (GMT) For Public Release 2013 January 9 16:00 UTC (GMT) - - ---------------------------------------------------------------------- Summary ======= Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context. Ang Cui initially reported the issue to the Cisco Product Security Incident Response Team (PSIRT). On November 6, 2012, the Cisco PSIRT disclosed this issue in Cisco bug ID CSCuc83860 Release Note Enclosure. Subsequently, Mr. Cui has spoken at several public conferences and has performed public demonstrations of a device being compromised and used as a listening device. Mitigations are available to help reduce the attack surface of affected devices. See the "Details" section of this security advisory and the accompanying Cisco Applied Mitigation Bulletin (AMB) for additional information. Update: An Engineering Special release has been made available for affected Cisco Customers that includes hardening measures to mitigate the known attack vectors for the vulnerability described in this advisory. This release is available upon request from the Cisco TAC. The release name is 9.3(1)-ES11. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone - -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlD4HKgACgkQUddfH3/BbTqIXwD/Vt52DZKHw+GGIE+vewkwjOJv 37T+yqiA10h9za3eP1cA/A3YBxs8TjTkrYtS/9nInHhUzZNeAGq8j5ObZ50rJr4Y =4aLv - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBUPikB+4yVqjM2NGpAQJ39w//bLB22Tp3ojwZ5qvHJFow3vNhfeHqdJ9d StPpxVrRUW2Z7a1632tHoO296S5wMnjIRVMYciJR1ycEunvf8UXvv94NUQm6J/4I JmMjRrhgtHYhKyGOlhlXuqMOsr9bN6cc54GAmxd+/N0ppXD/sCMPhMwhhkWm0nwY hnhiHG82F6fja0KhEvrGDzbZw2JAXI2dz69y9sKUHNnayiZY1ONJrzdX+wvGIrMP rraydUSmNjna1mjFYGkLBYvDFjNe0MfoZ+knpQxjeUr+LXH2bEw2xJsCB6o10hNT fQN5ROS14TyO7SrsH16Yh2LrdTP2OcdlTi1LiDjoREStSmKf13me4Tnc/g+Z4VYl MtQF1Te6do6l1cuyZJz83p+w29CM1I0Mm02NaY85WnlWGcQCAcNaKabkkE7/QmCj 6zbfdK0a6wEYCRA5NboQhqcDkX6nnMdn4oqZZY1u3u0+J4TJ+c56SlfVlLnz/DZj X1D3GORGg3KguWm85OcIJHmO03X6U0FrrGovcCvl4ur7Ul6anOKcGpTFrFIMIO6B eVjzMGVEMIHcEj+m+wBVNgXlKqBlnpI4AiNt89x8m2bdOZwxp/sPClrzquPbyEQn fQi0smlwoFDSkZTZF/WXElhelrr+izCpTOslONYma1jjBJ9H4J+vU911iZnts6k6 MfDIOo3eFfw= =SVyx -----END PGP SIGNATURE-----