This notice describes Cisco IOS Release 11.1(13)CA software defect CSCdj23465 and includes the following information:
Products affected and images being deferred
Cisco Systems, Inc. strives to maintain the highest software quality standards in the internetworking industry. We also seek to provide you, our customers and partners, with the most thorough and advanced software quality information as part of the services available under your Cisco service agreement.
RSP1, RSP2, RSP4
Cisco IOS Release 11.1(13)CA is an Early Deployment software release that supports new features for Cisco's high-end routing products.
CSCdj23465 may become a security issue if a Cisco7000 or Cisco7500 router crashes and a user enters the command show stack at the user level prompt. A modification of the show stack output has been implemented into Cisco IOS ED 11.1(13)CA Cisco 7000 and Cisco 7500 images via CSCdj12951. This modification will display output of the console buffer along with any configuration entries. The router may not crash, and the console buffer may not contain configuration commands, but there is still a possibility.
This issue has been assigned defect number CSCdj12951.
CSCdj12951 implemented the modifications to the show stack command at the user level. With all of the enhancements to help improve Cisco's diagnostic of a crash, the improvements may output confidential configuration data viewable by any user, hence CSCdj23465. RSP console buffer is 32K. The RP console buffer is 20K. This buffer is utilized by First In Last Out (FILO) scheme. The console buffer is filled with output message from the console (such as interface health) or by last configuration commands entered. The console buffer FILO scheme will help prevent the possibility of configuration info being viewed by any user when entering the show stack command.
Cisco is working on implementing the fix for Cisco IOS ED 11.1(13)CA1 by August 4, 1997.