"This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace," the advisory states. "An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue."
"The company has provided some temporary workarounds for administrators and estimates that a permanent fix for this flaw will be released in the week of January 21," writes Softpedia's Eduard Kovacs.
"Last month, Ang Cui, a graduate student at Columbia University Intrusion Detection Systems Lab and co-founder of Red Balloon Security, demonstrated the attack on the Cisco Unified IP Phone 7900 series using a technique he developed with fellow Columbia researcher Salvatore Stolfo to attack printers," writes FierceEnterpriseCommunications' Fred Donovan. "Once the phone was compromised, an attacker could eavesdrop on the entire network of phones in the enterprise, according to Cui."
"During the presentation, systems expert Cui showed the Cisco phone at the White House and on Air Force One," writes CRN's Robert Westervelt. "The device is not really a phone, he said, but a general purpose computer put into a plastic case to make it look like a phone. The device runs Cisco's proprietary UNIX OS and Java. It uses the SSH protocol, but 'the way it's implemented makes it worse than Telnet,' Cui said."
"Cui and Stolfo have developed their own fix, called Software Symbiotes [PDF file], which they plan to demo at the RSA Conference in San Francisco in February," writes ReadWrite's Christina Ortiz. "The defensive technology will live alongside executable code or arbitrary software to ensure that it works properly. Symbiotes, according to Cui, will be able to tell whether a system has been compromised, and either stop the malware or turn off the host device altogether."