Table Of Contents
Caveats for Cisco IOS Release 12.1
Resolved Caveats—Cisco IOS Release 12.1(27b)
Resolved Caveats—Cisco IOS Release 12.1(27a)
Open Caveats—Cisco IOS Release 12.1(27)
Resolved Caveats—Cisco IOS Release 12.1(27)
Resolved Caveats—Cisco IOS Release 12.1(26)
Resolved Caveats—Cisco IOS Release 12.1(25)
Resolved Caveats—Cisco IOS Release 12.1(24)
Resolved Caveats—Cisco IOS Release 12.1(22c)
Resolved Caveats—Cisco IOS Release 12.1(22b)
Resolved Caveats—Cisco IOS Release 12.1(22a)
Resolved Caveats—Cisco IOS Release 12.1(22)
Resolved Caveats—Cisco IOS Release 12.1(21)
Resolved Caveats—Cisco IOS Release 12.1(20a)
Resolved Caveats—Cisco IOS Release 12.1(20)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(19)
Resolved Caveats—Cisco IOS Release 12.1(18)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(17)
Resolved Caveats—Cisco IOS Release 12.1(16)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(15)
Resolved Caveats—Cisco IOS Release 12.1(14)
Resolved Caveats—Cisco IOS Release 12.1(13a)
Resolved Caveats—Cisco IOS Release 12.1(13)
Resolved Caveats—Cisco IOS Release 12.1(12c)
Resolved Caveats—Cisco IOS Release 12.1(12b)
Resolved Caveats—Cisco IOS Release 12.1(12a)
Resolved Caveats—Cisco IOS Release 12.1(12)
Resolved Caveats—Cisco IOS Release 12.1(11b)
Resolved Caveats—Cisco IOS Release 12.1(11a)
Resolved Caveats—Cisco IOS Release 12.1(11)
Resolved Caveats—Cisco IOS Release 12.1(10a)
Resolved Caveats—Cisco IOS Release 12.1(10)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(9a)
Resolved Caveats—Cisco IOS Release 12.1(9)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(8a)
Resolved Caveats—Cisco IOS Release 12.1(8c)
Resolved Caveats—Cisco IOS Release 12.1(8)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(7c)
Resolved Caveats—Cisco IOS Release 12.1(7b)
Resolved Caveats—Cisco IOS Release 12.1(7a)
Resolved Caveats—Cisco IOS Release 12.1(7)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(6a)
Resolved Caveats—Cisco IOS Release 12.1(6)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(5e)
Resolved Caveats—Cisco IOS Release 12.1(5d)
Resolved Caveats—Cisco IOS Release 12.1(5c)
Resolved Caveats—Cisco IOS Release 12.1(5)
Resolved Caveats—Cisco IOS Release 12.1(4c)
Resolved Caveats—Cisco IOS Release 12.1(4a)
Resolved Caveats—Cisco IOS Release 12.1(4)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(3b)
Resolved Caveats—Cisco IOS Release 12.1(3)
Resolved Caveats—Cisco IOS Release 12.1(2b)
Resolved Caveats—Cisco IOS Release 12.1(2)
Novell IPX, XNS, and Apollo Domain
Resolved Caveats—Cisco IOS Release 12.1(1c)
Resolved Caveats—Cisco IOS Release 12.1(1)
Novell IPX, XNS, and Apollo Domain
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Caveats for Cisco IOS Release 12.1
November 2, 2005
Online Part Number OL-2897-11 Rev. D0
This document lists severity 1 and 2 caveats and select severity 3 caveats for Cisco IOS Release 12.1, up to and including Release 12.1(27b). Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious.
To help us improve this document, please send us your comments. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically at http://www.cisco.com/feedback/ or contact relnote-feedback@cisco.com. For more information, see the "Documentation Feedback" section.
How to Use This Document
This document describes open and resolved severity 1 and 2 caveats and select severity 3 caveats:
•
The "Open Caveats" section lists open caveats that apply to the current release and may apply to previous releases.
•
Within the sections the caveats are sorted by technology in alphabetical order. For example, AppleTalk caveats are listed separately from, and before, IP caveats. The caveats are also sorted alphanumerically by caveat number.
If You Need More Information
Cisco IOS software documentation can be found on the web through Cisco.com.
For more information on caveats and features in Cisco IOS Release 12.1, refer to the following sources:
•
•
•
•
•
•
Note
The most recent release notes document when this caveats document was published were Release Notes for Cisco IOS Release 12.1 for Cisco IOS Release 12.1(26) on November 11, 2004.
Contents
•
•
•
Resolved Caveats—Cisco IOS Release 12.1(27b)
Cisco IOS Release 12.1(27b) is a rebuild release for Cisco IOS Release 12.1(27). The caveats in this section are resolved in Cisco IOS Release 12.1(27b) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Symptoms: A router may reset its Border Gateway Protocol (BGP) session.
Conditions: This symptom is observed when a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length that is equal to or greater than 255.
Workaround: Configure the bgp maxas limit command in such as way that the maximum length of the AS path is a value below 255. When the router receives an update with an excessive AS path value, the prefix is rejected and recorded the event in the log.
Miscellaneous
•
Symptoms: The Multiprotocol Label Switching (MPLS) forwarding table, label forwarding information base (LFIB), is not properly populated.
Conditions: This symptom is observed when reloading a Cisco router that is running Cisco IOS Release 12.1, Release 12.2, or Release 12.1 E.
Workaround: For every router (prefix/mask) with routes for which the LFIB entries are incorrect, execute the clear ip route prefix mask command.
Alternate Workaround: Execute the clear ip route * command.
•
Symptoms: A router may stop sending traffic.
Conditions: This symptom is observed after a Stateful Switchover (SSO) cutover is performed on a Cisco 7500 series that has label-controlled ATM (LC-ATM) incoming and outgoing interfaces and that is configured with distributed Cisco Express Forwarding (dCEF).
Workaround: There is no workaround.
•
Symptoms: A label may not be assigned for a peer provider edge (PE) router.
Conditions: This symptom is observed on a Cisco 7500 series and a Cisco 12000 series in a Virtual Private Network (VPN) configuration with multiple route reflectors (RRs) and label controlled ATM (LC-ATM) links between PE routers. The symptom may also occur on other platforms.
Workaround: There is no workaround.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
Resolved Caveats—Cisco IOS Release 12.1(27a)
Cisco IOS Release 12.1(27a) is a rebuild release for Cisco IOS Release 12.1(27). The caveats in this section are resolved in Cisco IOS Release 12.1(27a) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
Miscellaneous
•
NetFlow Feature Acceleration has been deprecated and removed from Cisco IOS. The global command ip flow-cache feature-accelerate will no longer be recognized in any IOS configuration.
If your router configuration does not currently contain the command ip flow-cache feature-accelerate, this change does not affect you.
The removal of NetFlow Feature Acceleration does not affect any other aspects of Netflow operation, for example Access-list processing. The features are separate and distinct.
Cisco Express Forwarding (CEF) supercedes the deprecated NetFlow Feature Acceleration.
Additionally, the following MIB objects and OIDs have been deprecated and removed from the netflow mib (CISCO-NETFLOW-MIB):
cnfFeatureAcceleration 1.3.6.1.4.1.9.9.99999.1.3
cnfFeatureAccelerationEnable 1.3.6.1.4.1.9.9.99999.1.3.1
cnfFeatureAvailableSlot 1.3.6.1.4.1.9.9.99999.1.3.2
cnfFeatureActiveSlot 1.3.6.1.4.1.9.9.99999.1.3.3
cnfFeatureTable 1.3.6.1.4.1.9.9.99999.1.3.4
cnfFeatureEntry 1.3.6.1.4.1.9.9.99999.1.3.4.1
cnfFeatureType 1.3.6.1.4.1.9.9.99999.1.3.4.1.1
cnfFeatureSlot 1.3.6.1.4.1.9.9.99999.1.3.4.1.2
cnfFeatureActive 1.3.6.1.4.1.9.9.99999.1.3.4.1.3
cnfFeatureAttaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.4
cnfFeatureDetaches 1.3.6.1.4.1.9.9.99999.1.3.4.1.5
cnfFeatureConfigChanges 1.3.6.1.4.1.9.9.99999.1.3.4.1.6Open Caveats—Cisco IOS Release 12.1(27)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(27). All the caveats listed in this section are open in Cisco IOS Release 12.1(27). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: When a Secure Shell (SSH) connection to a router that uses TACACS+ for authentication fails because of an unknown user name or incorrect password, a memory leak occurs and a TCP connection may hang in the CLOSEWAIT or ESTAB state. For an SSH2 connection, a memory leak occurs even if the authentication succeeds.
Conditions: This symptom is observed on an SSH connection to a Cisco router.
Workaround: There is no workaround. However, under normal circumstances, the memory leak is relatively small and should not interfere with normal operation.
Resolved Caveats—Cisco IOS Release 12.1(27)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(27). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(27). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A system used for reverse connections, such as a console server or other "milking machine" applications, may unexpectedly restart due to a bus error.
Conditions: The conditions under which this occurs are not well understood, but it is likely that frequent, short-lived connections are more likely to cause the problem than environments where connections are either long-lived or rarely opened and closed.
Workaround: There is no workaround.
•
Symptoms: Although there are free tty lines, you cannot make a Telnet connection and a "No Free TTYs error" message is generated.
Conditions: This symptom is observed when there are simultaneous Telnet requests.
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A Versatile Interface Processor 2-50 (VIP2-50) crashes because of a Cybus error with DMA receive errors.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.1 and that is configured with a PA-2FE that is installed in a VIP2-50. The symptom may also occur in other releases.
Workaround: There is no workaround.
IP Routing Protocols
•
Symptoms: A router may reload when a static Enhanced Interior Gateway Routing Protocol (EIGRP) neighbor statement is being removed.
Conditions: If a static neighbor statement is removed from the EIGRP configuration at the same time the neighbor is going down, the router may reload.
Workaround: Do not use static neighbors in EIGRP.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the "ospf_build_one_paced_update" process.
Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel within a particular OSPF area. The symptom may occur at any time without any specific changes or configuration and is not specifically related to any type of LSA.
Workaround: There is no workaround.
Further Problem Description: The symptom is very unlikely to occur. The symptom does not occur on a router that has exclusively stub areas and NSSA areas. The symptom may occur when a router does not have exclusively stub areas and NSSA areas.
•
Symptoms: A router may reload with a bus error exception, the crashinfo file shows an address error (a load or instruction fetch), and there is a spurious access in the crashinfo file.
Condition: These symptoms are observed on a Cisco router that performs NAT on H.323 voice traffic.
Workaround: There is no workaround.
•
Symptoms: A router may reload when a subinterface with a certain configuration is deleted.
Conditions: This symptom is observed on a Cisco router that has multicast and the Hot Standby Routing Protocol (HSRP) configured.
Workaround: Remove the multicast configuration before deleting the subinterface.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Miscellaneous
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Symptoms: A Cisco router that is configured for SNASw may reload because of a bus error.
Conditions: This symptom is observed when the downstream port is configured for VDLC (DLSw). The problem is more likely to happen in a large, busy SNASw environment.
Workaround: There is no workaround.
Further Problem Description: This issue is platform independent.
Wide-Area Networking
•
Symptoms: A memory leak may occur in the "Multilink Events" process, which can be seen in the output of the show memory summary command:
0x60BC47D0 0000000024 0000000157 0000003768 MLP bundle name
0x60BC47D0 0000000028 0000000003 0000000084 MLP bundle name
0x60BC47D0 0000000044 0000000001 0000000044 MLP bundle name
0x60BC47D0 0000000048 0000000001 0000000048 MLP bundle name
0x60BC47D0 0000000060 0000000001 0000000060 MLP bundle name
0x60BC47D0 0000000064 0000000013 0000000832 MLP bundle name
0x60BC47D0 0000000068 0000000008 0000000544 MLP bundle name
0x60BC47D0 0000000072 0000000001 0000000072 MLP bundle name
0x60BC47D0 0000000076 0000000001 0000000076 MLP bundle name
0x60BC47D0 0000000088 0000000018 0000001584 MLP bundle nameConditions: This symptom is observed when two interfaces are configured in the same multilink group or are bound to the same dialer profile.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(26)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(26). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(26). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
Miscellaneous
•
Symptoms: When the second REQDACTPU is sent to VTAM by SNA Switching Services (SNASW), the FQPCID supplied is a new, unused FQPCID rather than that sent on the initial REQACTPU. This usually has no ill side-effects. However, under certain conditions, the fact that the REQDACTPU RSP cannot be correlated can allow the PU to become perpetually hung.
Conditions: This symptom occurs when the second REQDACTPU is sent to VTAM by SNA Switching Services (SNASW).
Workaround: There is no workaround.
•
A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with the command `bgp log-neighbor-changes' configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
TCP/IP Host-Mode Services
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Resolved Caveats—Cisco IOS Release 12.1(25)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(25). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(25). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Miscellaneous
•
Symptoms: A Cisco 3600 series with an NM-CT1/E1 network module that contains an NM-xDM network module may not allow incoming modem calls and generate the "no modem available" error message even though the output of the show modem command indicates that there is a free modem available.
Conditions: This symptom is observed when frequent retrains occur on the modems.
Workaround: There is no workaround.
•
Symptoms: On an RTR probe, an RSP does not report input or output packets for serial interfaces of PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters.
Conditions: This symptom is observed on a Cisco 7500 series that runs Cisco IOS Release 12.2(23a) or Release 12.3 and is more likely to occur when the number of channelized port adapters (such as the PA-MC-8T1, PA-MC-8E1, and PA-MC-8TE1+ port adapters) that are installed in the router is high.
Workaround: Reload the router.
Alternate Workaround: Enter the reload microcode router configuration command.
•
Symptoms: A Cisco 7500 series router may reload when multilink interface configured on the router comes up.
Conditions: This symptom would happen if service-policy is configured on the multilink interface and distributed switching is enabled.
Workaround: Not configuring service-policy on the router would prevent the router from reloading.
Wide-Area Networking
•
Symptoms: The IP Control Protocol (IPCP) times out in a Link Control Protocol (LCP) negotiation.
Conditions: The problem happens when "virtual-profile virtual-template" is configured without "virtual-profile if-needed" and an ASYNC call creates a Virtual-Access interface.
Workaround: Configure "virtual-profile if-needed" and use the ASYNC interface without a Vaccess.
Resolved Caveats—Cisco IOS Release 12.1(24)
This section describes possibly unexpected behavior by Cisco IOS Release 12.1(24). All the caveats listed in this section are resolved in Cisco IOS Release 12.1(24). This section describes severity 1 and 2 caveats and select severity 3 caveats.
The following information is provided for each caveat:
•
•
•
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: A router may reload unexpectedly due to memory corruption.
Conditions: Connection accounting is enabled and the router is handling a high volume of connections.
Workaround: Disable connection accounting.
Further Problem Description: The high volume scenario can occur when there are a lot of users (typically scripts) logging into the router through VTYs, and some of them cause a race condition where the system is trying to do accounting after the connection structures have been freed.
•
Symptoms: A Cisco device experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
IBM Connectivity
•
Symptoms: A Cisco 2620 may reload because of a segmentation violation (SegV).
Conditions: This symptom is observed when you attempt to run X.25 (at packet level) over a Logical Link Control, type 2 (LLC2) (at frame level) from a third-party vendor workstation to the Cisco 2620. This problem was also seen when running DLSW (Data Link Switching).
Workaround: There is no workaround.
Interfaces and Bridging
•
Symptoms: A port adapter may stop receiving packets. When this symptom occurs, the output of the show interface EXEC command does not report any input or output drops. When the show controller EXEC command is issued on the Versatile Interface Processor (VIP) console of a router, the command output may display incrementing rx_no_buffer and virtual circuit connection (VCC) counts.
Conditions: This symptom is observed on an enhanced ATM Port Adapter (PA-A3) on a Cisco 7500 router.
Workaround: Bounce the port adapter interface by issuing the shutdown interface configuration command followed by the no shutdown interface configuration command.
IP Routing Protocols
•
Symptoms: A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)ST1.
Workaround: There is no workaround.
•
Symptoms: If Network Address Translation (NAT) overload is configured, translation may not function properly. A packet may be translated twice, and the inside global address may be considered as the inside local address.
Conditions: This symptom is observed on a Multilayer Switch Feature Card (MSFC2) that is running Cisco IOS Release 12.1(2)E or Release 12.1(8b)E9.
Workaround: Configure an access list for the NAT dynamic mappings, that would permit inside hosts only.
•
Symptoms: NAT calculates an invalid UDP checksum for some checksum values.
Conditions: This symptom is observed in a very particular situation which depends on the NAT configuration and the UDP checksum value. After the translation, the new UDP checksum value of the translated packet is equal to zero. NAT ignores the new checksum value of zero and it uses the original checksum value, which causes a checksum error at the end device.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: When an available bit rate (ABR) permanent virtual circuit (PVC) is used with a Cisco 3600 or Cisco 2600 router on an ATM T1 Inverse Multiplexing over ATM (IMA) module, the maximum output possible on the interface is:
Approximately 50 kbps if the user configures ABR PCR = 1500
Approximately 1220 kbps if the user configures ABR PCR = 3000
Approximately 2500 kbps if the user configures ABR PCR = 4500
Output queue drops are shown on the ATM interface when the show interfaces interface x/y EXEC command is entered.
Conditions: This symptom is observed on a Cisco 3600 or Cisco 2600 series router on an ATM T1 Inverse Multiplexing over ATM (IMA) module.
Workaround: Use either a variable bit rate (VBR) or an unspecified bit rate (UBR).
•
Symptoms: Free memory in router, as shown by the show processor memory command, drops until ultimately the router may issue SYS-2- MALLOCFAIL messages and hang.
Conditions: Memory will be permanently leaked when a Cisco device receives duplicate per-user Authentication, Authorization, and Accounting (AAA) requests for TCP Header Compression for the same user.
Workaround: Disable per-user AAA TCP Header Compression.
•
Symptoms: SNMP does not return the ifAlias for the T1 controllers, even after the description command is configured on the controller.
Conditions: This symptom is observed on a Cisco AS5300 but is not platform dependent.
Workaround: There is no workaround.
•
Symptoms: A PRI time slot that receives an analog call may be stuck in a link-control-protocol (LCP) timeout for all consecutive ISDN PPP calls.
Conditions: This symptom is observed on a Cisco AS5200.
Workaround: Reload the router.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.
In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.
Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.
Workaround: There is no workaround.
•
Symptoms: The box may crash when configuring the SSH key.
Conditions: The crash happens when the key generation is done right after reload.
Workaround: Wait 30 seconds after reload before generating key pair.
•
Symptoms: The ringback tone is not heard on the originating phone in the call alerting phase of an H.323 slow start VoIP call using a Cisco IOS VoIP gateway as the terminating gateway (TGW).
Conditions: The TGW sends an H.225 Alerting message with a Progress Indicator value of 1 or 8, which means that the ringback tone is transported in-band from the TGW.
Workaround: There is no workaround.
•
Symptoms: A Cisco router may reload when a member is removed and then added back to a multilink interface.
Conditions: This symptom is observed on a Cisco 7500 series when distributed Multilink PPP (MLP) is enabled.
Workaround: Shut down the multilink and then add or remove the member links. This action can prevent this symptom, but is not a very acceptable workaround.
•
Symptoms: An enhanced ATM port adapter (PA-A3) may display an increasing "rx_no_buffer" counter in the output of the show controllers atm privileged EXEC command, and some PVCs configured on the PA-A3 port adapter may stop receiving traffic.
Conditions: This symptom is observed when there is a high-traffic load on the PA-A3. Certain types of PA-A3s are impacted by this problem (PA-A3-OC3/T3/E3 are impacted, but PA-A3-OC12 and PA-A3-8T1/8E1 IMA are not). Also, any platform supporting these types of PA-A3s may be impacted.
Workaround: Enter the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-A3.
Further Problem Description: The condition that triggers this problem is ignores on the ATM interface. The high-traffic load must be high enough to cause ignores on ATM interface in order for the problem to occur. However, it is important to note that ignores on the ATM interface does not always leads to this problem.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
TCP/IP Host-Mode Services
•
Symptoms: When prompts for Tool Command Language (TCL) and Voice Extensible Markup Language (VXML) applications are loaded using FTP, FTP does not return the proper size of the prompts.
Conditions: This symptom is observed on a Cisco AS5300 but is not platform dependent.
Workaround: Load the prompts using RAM, TFTP, or HTTP.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSÆ software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Wide-Area Networking
•
Symptoms: When a router running Cisco IOS Release 12.0S, 12.1, 12.2, or 12.2T receives a multilink packet with Protocol Field Compression (PFC) applied, the packet is not interpreted correctly, and is subsequently rejected. The following debug messages appear in the debug trace when the debug ppp negotiation command is enabled:
MLP: I UNKNOWN(192) [Not negotiated] id 0 len 0
LCP: O PROTREJ [Open] id 2 len 95 protocol MLPConditions: This symptom is observed when the router requests PFC during Link Control Protocol (LCP) negotiations and the peer applies PFC to its outbound packets. PFC is enabled by default on asynchronous serial interfaces, it is disabled by default on other interfaces.
Workaround: In Cisco IOS Release 12.2 and 12.2 T, PFC can be disabled using the ppp pfc local forbid interface configuration command. In Release 12.0 S and 12.1, there is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(22c)
Cisco IOS Release 12.1(22c) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22c) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
Basic System Services
•
Symptoms: Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of
-1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Conditions: The symptom is observed on a Cisco 7513 that runs Cisco IOS Release 12.0(17)ST. The symptom may also occur on other Cisco 7500 series routers that run Release 12.0 S, 12.2 S, 12.3, or 12.3 T.
Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Symptoms: A router may reload unexpectedly due to memory corruption.
Conditions: Connection accounting is enabled and the router is handling a high volume of connections.
Workaround: Disable connection accounting.
Further Problem Description: The high volume scenario can occur when there are a lot of users (typically scripts) logging into the router through vty's and some of them cause a race condition where the system is trying to do accounting after the connection structures have been freed.
•
Symptoms: A Cisco Catalyst 2950 experiences a memory leak in the CDP process.
Conditions: The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the global command no cdp run.
Miscellaneous
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Symptoms: The ringback tone is not heard on the originating phone in the call alerting phase of an H.323 slow start VoIP call using a Cisco IOS VoIP gateway as the terminating gateway (TGW).
Conditions: The TGW sends an H.225 Alerting message with a Progress Indicator value of 1 or 8, which means that the ringback tone is transported in-band from the TGW.
Workaround: There is no workaround.
•
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Resolved Caveats—Cisco IOS Release 12.1(22b)
Cisco IOS Release 12.1(22b) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22b) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Symptoms: A router flushes link-state advertisements (LSAs) that have not been refreshed for more than 50 minutes.
Conditions: This symptom is observed on a Cisco router that is running Cisco IOS Release 12.0(19)ST1.
Workaround: There is no workaround.
Miscellaneous
•
Symptoms: The show flash-filesystem EXEC command and the dir filesystem EXEC command may not work properly on a Cisco 2600XM, preventing you from seeing the flash images.
In addition, the copy destination url flash: EXEC command may fail when the erase option is not selected (that is, you type in no when you are asked if you want to erase the device). The copy destination url flash: EXEC command functions fine when you do select the erase option.
Conditions: These symptoms are observed on a Cisco 2600XM that is configured with a particular third-party vendor 16-MB SIMM. Note that the router is still functional with this SIMM; you can boot or reload the router, perform a TFTP download operation, and similar actions without any difficulty.
Workaround: There is no workaround.
Resolved Caveats—Cisco IOS Release 12.1(22a)
Cisco IOS Release 12.1(22a) is a rebuild release for Cisco IOS Release 12.1(22). The caveats in this section are resolved in Cisco IOS Release 12.1(22a) but may be open in previous Cisco IOS Releases. This section describes severity 1 and 2 caveats and select severity 3 caveats.
IP Routing Protocols
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
Miscellaneous
•
Symptoms: The H.323 protocol stack on Cisco IOS software uses a third-party Abstract Syntax Notation One (ASN.1) library, and Cisco does not have control over the source code. Under some situations, when there are encoding errors and no free memory is available, a Cisco router reloads inside the third-party library code. In the third-party library code, a function is called by the ASN encoder to free all allocated memory whenever an error is detected. However, the encoder does not free the memory correctly, and the router reloads.
Conditions: This symptom is observed on a Cisco AS5300 but may be observed on other Cisco platforms.
Workaround: Upgrade to Cisco IOS Release 12.1 T or a later release that uses Cisco-developed ASN.1 library code.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities.
Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS).
There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml.
•
Guest
