[cisco-voip] Linux Kernel sock_sendpage() Local Privilege Escalation Vulnerability

Wes Sisk wsisk at cisco.com
Thu Aug 27 13:58:21 EDT 2009


"allow an unprivileged, local attacker to execute arbitrary code"

There is no allowance on the appliance for any user to install 3rd party 
software or execute an arbitrary binary.  I expect a fix to come out in 
the form of an upgrade to a later version such as 6.1.4 or 7.1.3.  
However details are not yet ironed out and published.  With no 
opportunity for exploit it will not be urgent priority on the 
appliance.  On other platforms that allow arbitrary execution it will be 
high priority.

/Wes

On Thursday, August 27, 2009 12:53:03 PM , Ted Nugent 
<tednugent73 at gmail.com> wrote:
> I believe Billy is referring to the Alert below
>
> http://tools.cisco.com/security/center/viewAlert.x?alertId=18847
>
>
>
>
> On Thu, Aug 27, 2009 at 10:05 AM, Wes Sisk <wsisk at cisco.com 
> <mailto:wsisk at cisco.com>> wrote:
>
>     Can you provide more info on this vulnerability?  Generally there
>     is no 'patching' on the appliance.  Patches are distributed via an
>     upgrade to a subsequent version.
>
>     /Wes
>
>
>     On Thursday, August 27, 2009 8:37:03 AM , Billy Poole
>     <bpoole31 at gmail.com> <mailto:bpoole31 at gmail.com> wrote:
>>     I wanted to know if any one has applied the patch for this on
>>     CUCM 6x and or any other VOIP Linux systems? If so what steps did
>>     you take? Thanks.
>>     ------------------------------------------------------------------------
>>
>>     _______________________________________________
>>     cisco-voip mailing list
>>     cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
>>     https://puck.nether.net/mailman/listinfo/cisco-voip
>>       
>
>
>     _______________________________________________
>     cisco-voip mailing list
>     cisco-voip at puck.nether.net <mailto:cisco-voip at puck.nether.net>
>     https://puck.nether.net/mailman/listinfo/cisco-voip
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20090827/33b77f8d/attachment.html>


More information about the cisco-voip mailing list