This vulnerability affects all releases of Classic Cisco IOS software
from 9.1 up to, but not including, the following corrected releases (including
interim and beta software):
11.3(1), 11.3(1)ED, 11.3(1)T
11.2(10), 11.2(9)P, 11.2(9)XA, 11.2(10)BC,
11.1(15)CA, 11.1(16), 11.1(16)IA, 11.1(16)AA, 11.1(17)CC, 11.1(17)CT
It is not necessary to run the specific releases listed above; the fix
is present in all subsequent versions of the same releases as well. For
example, 11.2(9)P is fixed, so 11.2(10)P is also fixed.
Releases of Cisco IOS software up to and including 10.3 have reached
end of support, and no fixes are currently or planned to be available for those
releases. All releases after 9.1 do, however, contain the problem.
All planned fixes to Cisco IOS software have been completed and tested.
Integration into regular released software is complete for all versions except
11.0. If you are running a version of software earlier than the ones listed
above, please contact the Cisco TAC for assistance.
As of the date of this notice, the fix for this problem is available
for the 11.0 release only in the 11.0(20.3) version. This is an interim
release, and has not been subjected to the same degree of testing as a regular
Cisco IOS release. The first regular 11.0 release containing the fix will be
11.0(21). Release of 11.0(21) is tentatively scheduled for mid-September, 1998;
this schedule is subject to change. Because of the relative maturity of the
11.0 Cisco IOS software, Cisco believes that installation of 11.0(20.3) carries
less risk than would installation of an interim release for a newer Cisco IOS
version, but customers are advised to use caution in installing 11.0(20.3), or
any other interim release, in any critical device.