CVE-2012-5445 Information

Description

The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.

Reference

http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone