[cisco-voip] Linux Kernel sock_sendpage() Local Privilege Escalation Vulnerability

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Aug 27 12:00:58 EDT 2009


Hi,
> Can you provide more info on this vulnerability?  Generally there is no  
> 'patching' on the appliance.  Patches are distributed via an upgrade to  
> a subsequent version.

alternative workaround - use ACLs on VLAN or switch port (depending on capabilities)
to stop the broken protocols reaching your box.  at this point in time
my memory tells me that the ones to block are

appletalk
ipx
sctp
pppoe
(bluetooth is another one)

however, not sure if any of these are on the system anyway....

alan


More information about the cisco-voip mailing list