Table Of Contents
Release Notes for Cisco 1700 Series Routers for Cisco IOS Release 12.3(4)XG5
Determining the Software Version
Upgrading to a New Software Release
New Software Features in Cisco IOS Release 12.3(4)XG
New Software Features in Release 12.3(4)T
Resolved Caveats - Cisco IOS Release 12.3(4)XG5
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG4
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG3
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG2
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG1
Open Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG
Resolved Caveats -Cisco IOS Release 12.3(4)XG
Cisco IOS Software Documentation Set
Cisco IOS Release 12.3 Documentation Set Contents
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Notes for Cisco 1700 Series Routers for Cisco IOS Release 12.3(4)XG5
August 08, 2007OL-5487-07
These release notes describe new features and significant software components for Cisco 1700 series routers that support Cisco IOS Release 12.3(4)T, up to and including Cisco IOS Release 12.3(4)XG5. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.3T located on Cisco.com.
For a list of the software caveats that apply to Cisco IOS Release 12.3(4)XG5, see the "Caveats" section and Caveats for Cisco IOS Release 12.3(4)T. The online caveats document is updated for every maintenance release and is located on Cisco.com.
Contents
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
System Requirements
This section describes system requirements for Cisco IOS Cisco IOS Release 12.3(4)XG5 and includes the following sections:
•
•
Memory Requirements
Table 1 describes memory requirements for legacy images and Table 2 describes memory requirements for cross-platform images for Cisco IOS feature sets supported by Cisco IOS Cisco IOS Release 12.3(4)XG5 on Cisco 1700 series routers.
Hardware Supported
Cisco IOS Cisco IOS Release 12.3(4)XG5 supports the following Cisco 1700 series routers:
•
•
•
•
•
•
•
•
Cisco 1701, Cisco 1710, Cisco 1711, Cisco 1712, Cisco 1720, and Cisco 1721routers run data images only. Cisco 1751, Cisco 1751-V, and Cisco 1760 routers run data or data-and-voice images, providing digital and analog voice support.
Cisco 1711 and Cisco 1712 routers run the following IPSec Triple Data Encryption Standard (3DES) images only:
•
•
•
•
For descriptions of existing hardware features and supported modules, see the hardware installation guides, configuration and command reference guides, and additional documents specific to Cisco 1700 series routers, which are available on Cisco.com at the following location:
http://www.cisco.com/univercd/cc/td/doc/product/access/acs_mod/1700/index.htm
This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and follow this path:
Technical Documentation > Routers > Modular Access Routers > Cisco 1700 Series Routers > <platform name>
Determining the Software Version
To determine which version of Cisco IOS software is running on your Cisco 1700 series router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the version number.
router> show versionCisco Internetwork Operating System SoftwareIOS (tm) C1700 Software (C1700-Y7-MZ), Version 12.4(11)XJ5, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)Synched to technology version 12.3(5.7)TUpgrading to a New Software Release
For general information about upgrading to a new software release, see Cisco IOS Software Releases 12.3 T Installation and Upgrade Procedures located on Cisco.com.
Feature Set Tables
Cisco IOS software is packaged in feature sets consisting of software images, which vary with the hardware platform. Each feature set contains a certain set of Cisco IOS features. Cisco IOS Release 12.3(4)XG supports the same feature sets as Releases 12.3 and 12.3(4)T, but Cisco IOS Release 12.3(4)XG includes new features supported by Cisco 1700 series routers. Cisco IOS Release 12.3(4)XG5 is a rebuild of Cisco IOS Release 12.3(4)XG and includes only bug fixes; it does not include any new features.
Caution
Table 3 lists the features and feature sets supported by legacy images in Cisco IOS Cisco IOS Release 12.3(4)XG, and Table 5 lists the features and feature sets supported by cross-platform images in Cisco IOS Cisco IOS Release 12.3(4)XG. The tables use the following conventions:
•
•
•
Note
Table 5, Part 2 Feature List by Cross-Platform Feature Set for Cisco 1701, 1710, 1711, 1712, 1721, 1751, 1751-V,
and 1760 RoutersFour-Wire Mode over SHDSL
12.4(11)XJ
Yes
Yes
Yes
1 This image is supported only on Cisco 1751, 1751-V, and 1760 routers.
New and Changed Information
The following sections list new information about Cisco 1700 series routers for Cisco IOS Release 12.3(4)XG. This information also applies to Cisco IOS Releases 12.3(4)XG1, 12.3(4)XG2, 12.3(4)XG3,12.3(4)XG4, and 12.3(4)XG5.
New Software Features in Cisco IOS Release 12.3(4)XG
The following sections describe new software features supported by Cisco 1700 series routers for Cisco IOS Release 12.3(4)XG.
Four-Wire Mode over SHDSL
The Four-Wire Mode over SHDSL feature adds four-wire support in fixed mode only on a single-port multiline G.SHDSL WIC, or WIC-1SHDSL-V2, to build on the existing features of the Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) feature supported on the 1-port G.SHDSL WAN interface card. The Four-Wire Mode for SHDSL feature incorporates the 2.x firmware version and the latest hybrid circuit from Globespan. The four-wire feature of G.991.2 doubles the bandwidth in ATM mode and increases the usable distance over two pairs of wires.
The Four-Wire Mode over SHDSL feature supports ATM in four-wire mode. Embedded Operation Channel (EOC) message support for customer premise equipment (CPE) is performed for 2-wire and 4-wire modes. G.SHDSL process enhancements improve the performance and reduce the memory utilization.
For more details, refer to the following URL:
Two-Wire Mode over SHDSL
The Two-Wire Mode over SHDSL feature adds ATM, E1 and T1 support on a single-port multiline G.SHDSL WAN Interface Card (WIC), or WIC-1SHDSL-V2, to build on the existing features of the Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) feature supported on the 1-port G.SHDSL WAN interface card.
The Two-Wire Mode over SHDSL feature supports ATM, E1 and T1 in 2-wire mode. Embedded Operations Channel (EOC) message support for customer premise equipment (CPE) is done for 2-wire and 4-wire modes and some central office (CO) messages are also supported.
For more details, refer to the following URL:
IETF-Compliant PPP over ATM
The Internet Engineering Task Force (IETF)-Compliant PPP over ATM feature allows you to configure PPP over ATM by using a virtual circuit multiplexed encapsulation mode. This feature complies with IETF RFC 2364, "PPP over ATM Adaptation Layer 5 (AAL5)".
New Software Features in Release 12.3(4)T
For information regarding features supported in Cisco IOS Release 12.3(4)T, refer to the Cross-Platform Release Notes and New Feature Documentation links at the following location on Cisco.com:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/index.htm
This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and follow this path:
Service & Support > Technical Documents > Cisco IOS Software > Release 12.3: Release Notes > Cross-Platform Release Notes (Cisco IOS Release 12.3(4)T)
Limitations and Restrictions
The following sections list limitations and restrictions that apply for Cisco IOS Releases 12.4(11)XJ, 12.3(4)XG1, 12.3(4)XG2, 12.3(4)XG3, 12.3(4)XG4, and 12.3(4)XG5.
Four-Wire Mode for SHDSL
•
The WIC 1SHDSL-V2, being configurable in ATM/T1/E1 modes, takes up a different interface/controller numbering scheme on the Cisco 1721 router. This problem does not apply to the Cisco 1751 or Cisco 1760 routers, as they use a slot/port numbering scheme.
–
Example 1:
Slot 0 - 1SHDSL-V2, slot 1 - MFT-T1/E1
Number Assignment:
controller dsl 0, int atm 0 or contr t1 0 (depending on the mode configured) - for 1SHDSL-V2
controller t1 1 - for MFT-T1
Example 2:
Slot 0 - 1SHDSL-V2, slot 1 - ADSL/SHDSL
Number Assignment:
controller dsl 0, int atm 0 or contr t1 0 (depending on the mode configured) - for 1SHDSL-V2
interface atm 1 - ADSL/SHDSL
–
Example 1:
Slot 0 - ADSL/SHDSL, slot 1 - 1SHDSL-V2
Number Assignment:
interface atm 0 - for 1SHDSL/ADSL
controller dsl 1, int atm 1 or contr t1 1 (depending on the mode configured) - for 1SHDSL-V2
Example 2:
Slot 0 - 1MFT-T1/E1, slot 1 - 1SHDSL-V2
Number Assignment:
controller t1 0 for 1MFT-T1
controller dsl 1, int atm 1 or contr t1 1 (depending on the mode configured) - for 1SHDSL-V2
Example 1:
Slot 0 - 2MFT-T1/E1, slot 1 - 1SHDSL-V2
Number Assignment:
controller t1 0 & controller t1 1 for 2MFT-T1
controller dsl 2, int atm 2 or contr t1 2 (depending on the mode configured) - for 1SHDSL-V2
If both slots are occupied by controller DSL, the logical interfaces configured on them will take the numbers of the DSL controller seen (which will be the same as the slot numbers).
All logical interfaces (for example, the serial interface created on configuring channel-groups in T1/E1 mode) on WIC-1SHDSL-V2 will have the same number as the controller dsl.
•
Dynamic mode changes between ATM/T1/E1 are not supported on Cisco 1700 series routers. The router has to be reloaded after saving the new configuration mode in order for the mode change to take effect. Alternatively, the no mode command can be issued, and the router should be reloaded with the configurations saved. After the router is reloaded, a new mode can be configured.
Caveats
Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats. Severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.
Caveats in Cisco IOS Release 12.3(4)T also exist in Cisco IOS Release 12.3(4)XG5. For information on caveats in Cisco IOS Release 12.3(2)T, refer to the Caveats for Cisco IOS Release 12.3(4)T document. This document lists severity 1 and 2 caveats and is located on Cisco.com.
Note
Resolved Caveats - Cisco IOS Release 12.3(4)XG5
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
•
Reception of certain IPv6 fragments with carefully crafted illegal contents may cause a router running Cisco IOS to reload if it has IPv6 configured. This applies to all versions of Cisco IOS that include support for IPv6.
The system may be protected by installing appropriate access lists to filter all IPv6 fragments destined for the system. For example:
interface Ethernet0/0ipv6 traffic-filter nofragments in!ipv6 access-list nofragmentsdeny ipv6 any <my address1> undetermined-transportdeny ipv6 any <my address2> fragmentspermit ipv6 any anyThis must be applied across all interfaces, and must be applied to all IPv6 addresses which the system recognizes as its own.
This will effectively disable reassembly of all IPv6 fragments. Some networks may rely on IPv6 fragmentation, so careful consideration should be given before applying this workaround.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•
Remote Authentication Dial In User Service (RADIUS) authentication can be bypassed on a device that is running certain Cisco IOS software releases and is configured with a fallback method of none. Devices that run other Cisco IOS software releases, are configured for other authentication methods or are not configured with a fallback method of none are not affected. Some configurations using RADIUS, none and an additional method also are not affected.
Cisco has made free software available to address this vulnerability. There are also workarounds available to mitigate the effects. More details can be found in the security advisory at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
•
Symptoms: Although there are free tty lines, you cannot establish a Telnet connection, and a "No Free TTYs" error message is generated.
•
Symptoms: The BGP session is reset if a Cisco router that peers with other routers receives an Autonomous System (AS) path with a length equal to or greater than 255.
•
Symptoms: CBAC sessions are left in sis-closing state due to out-of-order packet handling.
Workaround: None. Lowering the inspect FTP timeout or disabling CEF reduces exposure.
Fix: Bump certain out-of-order packets to process path for catch-up and then drop packets if this is unsuccessful.
•
Certain Cisco IOS software releases, when configured to use the IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on IOS devices, may contain two vulnerabilities that can potentially cause IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are also workarounds available to mitigate the effects. More details can be found in the security advisory at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
–
–
–
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
–
–
–
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability. This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en
•
A document titled "ICMP Attacks Against TCP," which describes how the Internet Control Message Protocol (ICMP) could be used to perform Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP), has been made publicly available through the Internet Engineering Task Force (IETF) Internet Draft process (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which affect only sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages.
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.
3. Attacks that use ICMP "source quench" messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. There are also workarounds available to mitigate the effects. More details can be found in the security advisory at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en
•
The Cisco IOS Firewall Authentication Proxy for FTP and/or Telnet Sessions feature in certain versions of Cisco IOS software is vulnerable to a remotely exploitable buffer overflow condition.
Devices that do not support, or are not configured for Firewall Authentication Proxy for FTP and/or Telnet Services are not affected.
Devices configured with only Authentication Proxy for HTTP and/or HTTPS are not affected.
Cisco has made free software available to address this vulnerability. There are also workarounds available to mitigate the effects. More details can be found in the security advisory at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050907-auth_proxy.shtml
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG4
•
Cisco Internetwork Operating System (IOS) software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation.
Cisco has made free software available to address this vulnerability for all affected customers.
More details can be found in the security advisory that is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG3
•
BGP error message trackback.
A device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a DoS attack from a malformed BGP packet. Only devices with the command bgp log-neighbor-changes configured are vulnerable. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet.
Cisco has made free software available to address this problem. Please see the advisory available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml.
•
L2TPv3 and UTI sessions doing PMTUD vulnerable to spoofed ICMP paks.
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
IPSec (ESP-AH) doing PMTUD vulnerable to spoofed ICMP packets.
See note for CSCef43691 above.
•
More stringent checks required for ICMP unreachables.
See note for CSCef43691 above.
•
IPSec PMTUD not working [after CSCef44225].
See note for CSCef43691 above.
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG2
•
%SYS-2-MALLOCFAIL: -Process= CDP Protocol.
Many memory allocation failure (MALLOCFAIL) messages may occur for a Cisco Discovery Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0-Process= "CDP Protocol", ipl= 0, pid= 42-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18Workaround: To prevent the symptom from occurring again, disable CDP by entering the no cdp run global configuration command.
•
Bus error in NAT translating RSHELL packets.
A router may reload unexpectedly because of a bus error when it accesses a low address during the translation of TCP port 514. This is observed on a Cisco router that runs Cisco IOS Release 12.3(5) and that is configured for Network Address Translation (NAT).
Workaround: Prevent the translation of TCP port 514.
•
Router crash due to corrupted data in list with Cisco IOS firewall.
A router may reload unexpectedly after it attempts to access a low memory address.
Workaround: Disable IP Inspect and IDS.
•
Malicious configuration reload neighbor routers by show cdp entry * protocol command.
Depending upon configuration, issuing the show cdp entry * protocol command may cause a reload of the device.
Workaround: Disable CDP, avoid issuing the command under given circumstances, or upgrade to a fixed version of software.
•
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.
A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
Cisco has made free software upgrades available to address this vulnerability for all affected customers.
•
Unable to telnet.
A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected.
All other device services will operate normally. Services such as packet forwarding, routing protocols and all other communication to and through the device are not affected.
Cisco will make free software available to address this vulnerability. Workarounds, identified below, are available that protect against this vulnerability.
The Advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
•
Modifications needed to syn rst packet response.
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
Memory leak in CDP process with long host names.
A Cisco device experiences a memory leak in the CDP process. The device sending CDP packets sends a hostname that is 256 or more characters. There are no problems with a hostname of 255 or fewer characters.
Workaround: Configure the neighbor device to use less than a 256 character hostname, or disable the CDP process with the no cdp run global configuration command.
•
CBAC inspection causes software forced reload.
When Cisco IOS Firewall Context-Based Access Control (CBAC) is configured, the router seems to have a software-forced reload caused by one of the inspections processed.
Workaround: There is no workaround.
•
Cosmetic Display CLI Related Issues.
While giving line-mode 2-wire ? command in ATM mode on WIC-1SHDSL-V2, the help text displays incorrect mapping between the line number and the pins used.
Workaround: There is no workaround.
•
atmVclTable maps all permanent virtual circuits (PVCs) to all subinterfaces.
Workaround: There is no workaround.
•
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Resolved Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG1
•
Cisco Routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces. The vulnerability is present only in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable. More details can be found in the security advisory posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
•
Spurious Accesses at mlp_group_swidb.
•
When the undebug all privileged EXEC command is entered on a Cisco router, all traffic that passes through an encrypted generic routing encapsulation (GRE) tunnel may stop. This symptom is observed on a Cisco router that is configured with a GRE tunnel that is secured via IP Security (IPSec) and that is using Cisco Express Forwarding (CEF) switching.
Workaround: Reinitialize CEF switching by entering the no ip cef global configuration command followed by the ip cef global configuration command.
Alternate Workaround: Do not enter the undebug all privileged EXEC command. Rather, individually disable each debug command.
•
Symptoms: Line-mode CLI does not have option for auto line mode selection.
Conditions: DSL line training stops if digital subscriber line access multiplexer (DSLAM) switches from two-wire to four-wire or four-wire to two-wire mode.
Workaround: Change the customer premise equipment (CPE) line-mode configuration to DSLAM line-mode configuration.
•
EOC message 17 not received by WIC-1SHDSL and WIC-1SHDSL-V2.
EOC message 17 is not received by WIC-1SHDSL and WIC-1SHDSL-V2 even though a certain third party DSLAM sends it periodically. This is because the said DSLAM sends message 11 and message 17 with one 7E in between. The GTI_EOM interrupt is generated by the firmware on two consecutive 7Es. Hence message 17 is not processed by the CPE.
•
Traces appear when WIC-1-SHDSL-V2 connected to ECI DSLAM.
•
Reload triggered in SNMP process.
Cisco Internetwork Operating System (IOS) Software releases trains 12.0S, 12.1E, 12.2, 12.2S, 12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited, could cause the device to reload. The vulnerability is present only in certain IOS releases on Cisco routers and switches. This behavior was introduced via a code change, and is resolved with CSCed68575. This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
Open Caveats - Cisco IOS Cisco IOS Release 12.3(4)XG
•
Controller and interface flapping for sf&ami on T1.
This problem is seen only when two channel-groups are configured with all 24 timeslots being used.
Workaround: When using all 24 timeslots in sf, configure only one channel-group. If two channel-groups are required, use esf.
•
Loopback analog fails in Cisco 1751/1760 router.
This problem is seen only when both CO and CPE are configured for analog loopback. There is no problem when only one end is configured for loopback.
Workaround: Do not configure analog loopback on both CPE and CO simultaneously.
•
E1 4-wire mode line protocol flapping with Annex-B and unframed framing.
Workaround: There is no workaround.
Resolved Caveats -Cisco IOS Release 12.3(4)XG
This section documents possible unexpected behavior by Cisco IOS Release 12.3(4)XG and describes only severity 1 and 2 caveats and select severity 3 caveats.
•
Small percentage of packet drop seen for 64B packet with G.SHDSL.
When smaller packet size (64 B or 128 B) is used, the low-end routers (Cisco 1700 and Cisco 2600 routers) have lower performance.
Workaround: Use large size packets.
•
TCP checks should verify ack sequence number.
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products that contain a TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
•
TCP checks should verify ack sequence number.
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products that contain a TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Related Documentation
The following sections describe the documentation available for Cisco 1700 series routers. These documents consist of hardware and software installation guides, Cisco IOS configuration guides and command references, system error messages, feature modules, and other documents.
Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com and http://www.cisco.com/univercd/home/index.htm.
Use these release notes with these documents:
Release-Specific Documents
The following documents are specific to Cisco IOS Release 12.3 and are located on Cisco.com and http://www.cisco.com/univercd/home/index.htm:
•
On Cisco.com at:
Products and Solutions > Cisco IOS Software > Cisco IOS Software Releases 12.3 > Instructions and Guides > Release Notes
On http://www.cisco.com/univercd/home/index.htm at:
Cisco IOS Software > Cisco IOS Release 12.3 > Release Notes > Cross-Platform Release Notes
Note
•
•
As a supplement to the caveats listed in these release notes, see Caveats for Cisco IOS Release 12.3 and Caveats for Cisco IOS Release 12.3 T, which contains caveats applicable to all platforms for all maintenance releases of Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T.
On Cisco.com at:
Products & Services > IOS Software > Cisco IOS Software Releases 12.3 > Instructions and Guides > Release Notes > Release Notes for Cisco IOS Release 12.3, Part 5 > Caveats
On http://www.cisco.com/univercd/home/index.htm at:
Cisco IOS Software > Cisco IOS Release 12.3 > Release Notes > Caveats
•
Platform-Specific Documents
These documents are available for Cisco 1700 series routers:
On Cisco.com at:
Products and Solutions > Routers > Cisco 1700 Series Modular Access Routers
On http://www.cisco.com/univercd/home/index.htm at:
Product Documentation > Routers > Modular Access Routers > Cisco 1700 Series Routers
Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
http://tools.cisco.com/RPF/register/register.do
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents. The Cisco IOS software documentation set is shipped with your order in electronic form on the Documentation CD-ROM—unless you specifically ordered the printed versions.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference.
On Cisco.com at:
Products and Solutions > Cisco IOS Software > Cisco IOS Releases 12.3 > Instructions and Guides
On http://www.cisco.com/univercd/home/index.htm at:
Cisco IOS Software > Cisco IOS Release 12.3 > Configuration Guides and Command References
Cisco IOS Release 12.3 Documentation Set Contents
Table 6 lists the contents of the Cisco IOS Release 12.3 software documentation set, which is available in electronic form and in printed form if ordered.
On Cisco.com at:
Products and Solutions > Cisco IOS Software > Cisco IOS Releases 12.3 > Instructions and Guides
On http://www.cisco.com/univercd/home/index.htm at:
Cisco IOS Software > Cisco IOS Release 12.3
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feed-back, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Use this document in conjunction with the documents listed in the "Related Documentation" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007, Cisco Systems, Inc. All rights reserved..
Guest
