Table Of Contents
Determining Your Software Release
Upgrading to a New Software Release
Determining Which Software Images (Feature Sets) Support a Specific Feature
Determining Which Features Are Supported in a Specific Software Image (Feature Set)
New Hardware and Software Features in Release 12.3(4)XD3 to Release 12.3(4)XD4
New Hardware and Software Features in Release 12.3(4)XD1 to Release 12.3(4)XD3
New Hardware Features in Release 12.3(4)XD
1-Port ADSL over POTs with Dying Gasp WAN Interface Card
Single Port Multiline G.SHDSL WIC
New Software Features in Release 12.3(4)XD
Enhanced ITU-T G.168 Echo Cancellation
Cisco NM-8AM-V2 and NM-16AM-V2 Analog Modem Network Modules with V.92
Static IP (AZR) and SSG Plug-and-Play
VXML on Cisco 2691 and Cisco 3700 Series Routers
Open Caveats—Cisco IOS Release 12.3(4)XD4
Resolved Caveats—Cisco IOS Release 12.3(4)XD4
Caveat Advisories - Resolved Caveats
Open Caveats—Cisco IOS Release 12.3(4)XD3
Resolved Caveats—Cisco IOS Release 12.3(4)XD3
Open Caveats—Cisco IOS Release 12.3(4)XD2
Resolved Caveats—Cisco IOS Release 12.3(4)XD2
Open Caveats—Cisco IOS Release 12.3(4)XD1
Resolved Caveats—Cisco IOS Release 12.3(4)XD1
Open Caveats—Cisco IOS Release 12.3(4)XD
Resolved Caveats—Cisco IOS Release 12.3(4)XD
Release Notes for the Cisco 2600XM Series and Cisco 2691 Modular Access Routers for Cisco IOS Release 12.3(4)XD
April 12, 2005
Cisco IOS Release 12.3(4)XD4
OL-5154-01 Rev. C2
These release notes for the Cisco 2600XM series and Cisco 2691 modular access routers describe the product-related enhancements provided in Cisco IOS Release 12.3(4)XD4. These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 12.3(4)XD4, see "Caveats" section. See also Caveats for Cisco IOS Release 12.3 T, which is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.3 T located on Cisco.com and the Documentation CD-ROM.
Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.
Contents
These release notes describe the following topics:
Inheritance Information
Cisco IOS Release 12.3(4)XD4, an early deployment release, is based on Cisco IOS Release 12.3(4)T, which in turn is based on Cisco IOS Release 12.3. Cisco IOS Release 12.3(4)T is the first early deployment maintenance release of Cisco IOS Release 12.3 T and is based on the mainline Cisco IOS Release 12.3. See Table 1 for more information.
All features in Cisco IOS Release 12.3(4)T are in Cisco IOS Release 12.3(4)XD4.
Table 1 References for the Cross-Platform Release Notes for Cisco IOS Release 12.3 T and Cisco IOS Release 12.3(4)T
•
Determining the Software Version
•
To view information about the topics in the left column, click Cross-Platform System Requirements at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123reqs.htm
•
•
•
To view information about the topics in the left column.
For Cisco IOS Release 12.3 T, go to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123newf.htm
Scroll down and click New Software Features in Cisco IOS Release 12.3(4)T, or MIBs, or Important Notes.
•
•
•
To view information about the topics in the left column, go to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123docs.htm
Introduction
Cisco IOS Release 12.3(4)XD4 supports the Cisco 2600XM series and Cisco 2691 modular access routers.
The Cisco 2600 series is a family of modular access routers, providing flexible LAN and WAN configurations, multiple security options and a range of high performance processors. This range of features makes the Cisco 2600 family the ideal branch-office router for today's business requirements.
The latest additions to the Cisco 2600 series family of modular routers include the Cisco 2600XM models and the Cisco 2691. These new models deliver extended performance, higher density, enhanced security performance and increased concurrent application support to meet the growing demands of branch offices.
The Cisco 2600 modular access routers offer versatility, integration, and power. With over 70 network modules and interfaces, the modular architecture of the Cisco 2600 Series easily allows interfaces to be upgraded to accommodate network expansion.
The Cisco 2600 series is a key member of the Cisco data/voice/video integration portfolio, delivering the industry's broadest range of end-to-end IP and Frame Relay-based packet telephony solutions.
The Cisco 2600 series shares modular interfaces with the Cisco 1600, Cisco 1700, Cisco 3600, and Cisco 3700 Series routers, providing a solution to meet the branch office needs for applications such as the following:
•
•
•
•
•
•
For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.3(4)XD4, see "New and Changed Information" section.
Early Deployment Releases
These release notes describe Cisco IOS Release 12.3(4)XD4 for the Cisco 2600XM series and Cisco 2691 modular access routers. Cisco IOS Release 12.3(4)XD4 is an early deployment (ED) release based on Release 12.3(4)T, which in turn is based on Cisco IOS Release 12.3. Early deployment releases contain fixes to software caveats as well as support for new Cisco hardware and software features. Feature support is cumulative from release to release, unless otherwise noted.
Table 2 lists new features supported by the Cisco 2600XM series and Cisco 2691 modular access routers in Cisco IOS Release 12.3(4)XD4. See Inheritance Information for a list of the documentation specific to the Cisco 2600XM series and Cisco 2691 modular access routers.
Table 2 Early Deployment Release New Features for the Cisco 2600XM series and Cisco 2691 Routers
AvailabilityCisco IOS Release 12.3(4)XD4
None
None
None
Cisco IOS Release 12.3(4)XD3
None
None
None
Cisco IOS Release 12.3(4)XD2
None
None
None
Cisco IOS Release 12.3(4)XD1
None
None
None
Cisco IOS Release 12.3(4)XD
Enhanced ITU-T G.168 Echo Cancellation
Cisco NM-8AM-V2 and NM-16AM-V2 Analog Modem Network Modules with V.92
Static IP (AZR) and SSG Plug-and-Play
1-Port ADSL over POTs with Dying Gasp WAN Interface Card
Single Port Multiline G.SHDSL WIC
Now
1 Only major features are listed.
2 MIB = Management Information Base
System Requirements
This section describes the system requirements for Cisco IOS Release 12.3(4)XD4 and includes the following sections:
•
•
Memory Recommendations
Table 3 displays the memory recommendations of the Cisco IOS feature sets for the Cisco 2600XM series and Cisco 2691 modular access routers for Cisco IOS Release 12.3(4)XD4.
Cisco 2600XM series and Cisco 2691 modular access routers are available with a 32-MB Flash memory card.
Supported Hardware
Cisco IOS Release 12.3(4)XD4 supports the following Cisco 2600 series platforms:
•
•
•
•
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
For a complete list of network modules and interface cards supported on Cisco 2600 series modular access routers, refer to the Cisco 2600 Series Relevant Interfaces and Modules table on Cisco.com at the following URL:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_relevant_interfaces_and_modules.html
Note
For information about supported hardware for this platform and release, refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Determining Your Software Release
To determine the version of Cisco IOS software running on the Cisco 2600XM series and Cisco 2691 modular access routers, log in to the router and enter the show version EXEC command:
Router> show versionCisco IOS Software, 2600 Software (C2600-SPSERVICESK9-MZ), Version 12.3(4)XD, RELEASE SOFTWARE (fc1)TAC Support: http://www.cisco.com/tacCopyright (c) 1986-2003 by Cisco Systems, Inc.Upgrading to a New Software Release
For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at: http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm.
Feature Support
Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains a specific set of Cisco IOS features.
To improve the usability of the release notes documentation, Cisco IOS Release 12.3(4)XD4 release notes no longer contains the feature set tables. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:
http://www.cisco.com/support/FeatureNav/FNFAQ.html
Caution
Determining Which Software Images (Feature Sets) Support a Specific Feature
To determine which software images (feature sets) in Cisco IOS Release 12.3(4)XD4 support a specific feature, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:
Step 1
Step 2
Step 3
Note
Repeat this step to add additional features. You can choose a maximum of 20 features for a single search.
Step 4
Step 5
Step 6
Step 7
Determining Which Features Are Supported in a Specific Software Image (Feature Set)
To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.3(4)XD4, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
New and Changed Information
The following sections list the new hardware products and software features supported by the Cisco 2600XM series and Cisco 2691 modular access routers in Cisco IOS Release 12.3(4)XD.
New Hardware and Software Features in Release 12.3(4)XD3 to Release 12.3(4)XD4
No new hardware products or software features are supported in Cisco IOS Release 12.3(4)XD3 to Release 12.3(4)XD4.
New Hardware and Software Features in Release 12.3(4)XD1 to Release 12.3(4)XD3
No new hardware products or software features are supported in Cisco IOS Release 12.3(4)XD1 to Release 12.3(4)XD3.
New Hardware Features in Release 12.3(4)XD
The following new hardware products are supported in Cisco IOS Release 12.3(4)XD:
•
•
1-Port ADSL over POTs with Dying Gasp WAN Interface Card
Cisco IOS Release 12.3(4)XD introduces support for the new Cisco ADSL over POTs with Dying Gasp WAN interface card (WIC), WIC-1ADSL-DG, on the Cisco 2600 and 3700 Series routers. The WIC-1ADSL-DG card is a 1-port asymmetric digital subscriber line (ADSL) WIC for Cisco modular access routers. This 1-port WIC card allows the co-existence of ADSL and POTs on the same local loop and provides high-speed ADSL digital data transfer between a single customer premises equipment (CPE) subscriber and a central office. The WIC also provides support for dying gasp which is required in certain countries and provides for more effective enforcement of SLAs by Service Providers.
Single Port Multiline G.SHDSL WIC
A single port multi line G.SHDSL WAN interface card (WIC), or WIC-1SHDSL-V2 provides Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) feature support for Two-Wire Mode and Four-Wire Mode for SHDSL on the Cisco 2600XM series, Cisco 2691, and Cisco 3700 series modular access routers. The WIC-1SHDSL-V2 incorporates the 2.x firmware version and the latest hybrid circuit from Globespan.
Network Analysis Module
Network Analysis Module for 2600XM/2691/3660/3700 platforms providing RMON2 and extended RMON capabilities. The NM-NAM leverages the functionality of the Cisco Catalyst 6500 Series and Cisco 7600 Series Network Analysis Module in a network module form factor.
For additional information, refer to the Network Analysis Module (NM-NAM) feature module at the following URL:
Restrictions
This feature has the following restrictions when used with Cisco IOS Release 12.3(4)XD.
•
•
NM-8AM-V2, NM-16AM-V2
The NM-8AM-V2 and NM-16AM-V2 network modules (NMs) serve as integrated analog modem NMs for the modular access routers. These network modules terminate either eight or sixteen analog modem connections through POTS interfaces.
Hardware Specifications
Each network module consists of eight or sixteen analog modems. See Table 4 for hardware specifications.
New Software Features in Release 12.3(4)XD
The following new software features are supported by the Cisco 2600XM series and Cisco 2691 modular access routers in Cisco IOS Release 12.3(4)XD:
•
•
•
•
Network Analysis Module
The Network Analysis Module (NM-NAM) feature is a network module that monitors and analyzes network traffic for a system using extended Remote Monitoring (RMON) standards, RMON2, and other Management Information Bases (MIBs).
For additional information, refer to the Network Analysis Module (NM-NAM) feature module at the following URL:
Enhanced ITU-T G.168 Echo Cancellation
The Enhanced ITU-T G.168 Echo Cancellation is extended to include platforms using the TI C5510 DSP. This Enhanced ITU-T G.168 Echo Cancellation is the only supported ECAN in Cisco IOS Release 12.3(4)XD except for NM-2V and Cisco AS5300.
Restrictions for G.168 Extended Echo Canceller
•
•
Four-Wire Mode for SHDSL
Four-Wire Mode for SHDSL adds four-wire support in fixed mode only on a single port multi line G.SHDSL WIC, or WIC-1SHDSL-V2, to build on the existing features of the Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) feature supported on the 1-port G.SHDSL WAN interface card. Four-Wire Mode for SHDSL supports Cisco 2600XM series, Cisco 2691, Cisco 3600, and Cisco 3700 series routers and incorporates the 2.x firmware version and the latest hybrid circuit from Globespan. The four-wire feature of G.991.2 doubles the bandwidth in ATM mode and increases usable distance over two pairs of wires.
For additional information, refer to the Four-Wire Mode for SHDSL feature module at the following URL:
Two-Wire Mode over SHDSL
Two-Wire Mode over SHDSL adds ATM, E1 and T1 support on a single port multi line G.SHDSL WIC, or WIC-1SHDSL-V2, to build on the existing features of the Multirate Symmetrical High-Speed Digital Subscriber Line (G.SHDSL) feature supported on the 1-port G.SHDSL WAN interface card. Frame Mode TDM over G.SHDSL supports Cisco 2600XM series, Cisco 2691, and Cisco 3700 series routers and incorporates the 2.x firmware version and the latest hybrid circuit from Globespan.
Two-Wire Mode over SHDSL supports ATM, E1 and T1 in two-wire mode. Embedded Operations Channel (EOC) message support for customer premise equipment (CPE) is done for two-wire and four-wire and some central office (CO) messages are also supported. G.SHDSL process enhancements improve the performance and reduce the memory utilization.
For additional information, refer to the Two-Wire Mode for SHDSL feature module at the following URL:
Restrictions for Frame Mode TDM over G.SHDSL
•
•
•
•
•
•
•
Cisco NM-8AM-V2 and NM-16AM-V2 Analog Modem Network Modules with V.92
The Cisco NM-8AM-V2 and NM-16AM-V2 network modules (NMs) serve as integrated analog modem NMs for the modular access routers. These network modules terminate either eight or sixteen analog modem connections through POTS interfaces.
Key Features and Benefits
•
•
•
•
Modem Management
•
Note
Note
Platforms: 2610XM-2611XM; 2620XM-2621XM; 2650XM-2651XM; 2691; 3660; 3725; 3745
For additional information, refer to the Cisco NM-8AM-V2 and NM-16AM-V2 Analog Modem Network Modules with V.92 feature module at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123limit/123x/123xd/gtnmam.htm
Static IP (AZR) and SSG Plug-and-Play
Access Zone Router (AZR) and Service Selection Gateway (SSG) features provide a centralized public wireless LAN (PWLAN) solution.
For additional information, refer to the PWLAN Access Routers for the Cisco IOS Release 12.3(4)XD feature module at the following URL:
VXML on Cisco 2691 and Cisco 3700 Series Routers
Voice extensible markup language (VXML) on Cisco 2691 router and Cisco 37xx Series Routers adds VXML capability.
Limitations and Restrictions
Refer to each feature for individual limitations and restrictions.
Current MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Supported MIBs
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
Field Notices and Bulletins
•
•
•
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only selected severity 3 caveats are included in the caveats document.
This section contains open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T are also in Cisco IOS Release 12.3(4)XD4.
For information on caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T, see Caveats for Cisco IOS Release 12.3 T. These documents lists severity 1 and severity 2 caveats and only selected severity 3 caveats, and are located on Cisco.com and the Documentation CD-ROM.
Caveat numbers and brief descriptions for Release 12.3(4)XD4 are listed in this section.
Note
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
Open Caveats—Cisco IOS Release 12.3(4)XD4
•
If a misformed packet is received and queued up on the interface, this bug may also be triggered by other means which are not considered remotely exploitable such as the use of the command `show ip bgp neighbors' or running the command `debug ip bgp <neighbor> updates' for a configured bgp neighbor.
Cisco has made free software available to address this problem.
For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
Resolved Caveats—Cisco IOS Release 12.3(4)XD4
All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 5 Resolved Caveats for Cisco IOS Release 12.3(4)XD4
CSCeb56909
Cisco routers running Internetwork Operating System (IOS) that supports Multi Protocol Label Switching (MPLS) are vulnerable to a Denial of Service (DoS) attack on MPLS disabled interfaces.
The vulnerability is only present in Cisco IOS release trains based on 12.1T, 12.2, 12.2T, 12.3 and 12.3T. Releases based on 12.1 mainline, 12.1E and all releases prior to 12.1 are not vulnerable.
More details can be found in the security advisory which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml.
CSCeb88239
const2:crash RIPv6_input after sending 1 packet to FF02::9 M/cast Ad
Symptoms: A router that runs RIPng may crash after receiving a malformed RIPng packet, causing a Denial of Service (DoS) on the device.
Conditions: This symptom is observed when the ipv6 debug rip command is entered on the router. Malformed packets can normally be sent locally. However, when the ipv6 debug rip command is entered, the crash can also be triggered remotely.
Note
Workaround: None.
CSCec79609
MLPoA: Multilink interface comes up as Virtual-Access
Symptoms: A Multilink PPP over ATM (MLPoA) bundle that is configured by using a multilink interface may come up as a virtual-access interface, but the multilink interface may remain inactive as an MLP bundle.
Conditions: This symptom is observed after a bundle reset, which may be triggered by entering the clear interface user EXEC or privileged EXEC command for the multilink interface or for a virtual-access member.
Workaround: None
CSCec86420
Symptoms: When you enter the undebug all privileged EXEC command on a Cisco router, all traffic that passes through an encrypted generic routing encapsulation (GRE) tunnel may stop.
Conditions: This symptom is observed on a Ciscorouter that is configured with a GRE tunnel that is secured via IP Security (IPSec) and that is using Cisco Express Forwarding (CEF) switching.
Workaround: Reinitialize CEF switching by entering the no ip cef global configuration command followed by the ip cef global configuration command.
Alternate Workaround: Do not enter the undebug all privileged EXEC command. Rather, individually disable each debug command.
CSCec88490
Cosmetic Display CLI Related Issues
Symptom: When doing a line-mode 2-wire ? in ATM mode on WIC-1SHDSL-V2, the help text displays incorrect mapping between the line number & the pins used.
Explanation: When the DSL controller needs to be configured in 2-wire ATM mode, the line to be used has to be specified. In the help to choose the line, the pins used should be specified as: line-one Line one (RJ-11 pins 2&5) line-zero Line zero (RJ-11 pins 3&4)
Instead the pins used are specified as: line-one Line one (RJ-11 pins 3&4) line-zero Line zero (RJ-11 pins 2&5)
Conditions: WIC-1SHDSL-V2 in ATM mode.
Workaround: None
CSCed21034
atmVclTable maps all PVCs to all subinterfaces
Symptoms:
-Each ATM PVC is linked to each ATM (sub)interface in the atmVclTable.
-The atmVclTable is indexed by ifIndex. For a specific PVC, this should point to the ifIndex/interface on which this PVC is present. However, the atmVclTable contains one entry per ifIndex for each PVC.
Conditions: These symptoms are observed in a Cisco IOS image that contains the fix for CSCea63829.
Workaround: None
CSCed40933
Cisco Internetwork Operating System (IOS) Software is vulnerable to a Denial of Service (DoS) attack from crafted IPv6 packets when the device has been configured to process IPv6 traffic. This vulnerability requires multiple crafted packets to be sent to the device which may result in a reload upon successful exploitation.
More details can be found in the security advisory, which is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml.
CSCed65285
ssh leaks memory and buffers
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
CSCed65778
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml
CSCed78149
TCP connections doing PMTU discovery ulnerable to spoofed ICMP pkts
Symptoms: TCP connections may be vulnerable to spoofed ICMP packets. A spoofed ICMP packet may cause the TCP connection to use a very low segment size for 10 minutes at a time.
Conditions: This symptom is observed when TCP connections are configured for PMTU discovery. Note that PMTU discovery is disabled by default on a router.
Workaround: Disable PMTU discovery.
CSCee14958
Clock glitch in the Spock FPGA and SCC sync/idle flags correction
Symptoms: A SAR on a DSL WIC may cause reduced throughput, an increase in delay, or both because the bandwidth that is configured for the VC may be corrupted.
Conditions: This symptom is observed on a Cisco 3700 series.
Workaround: None
CSCee56149
DSLSAR: Incorrect sequence of TSI and tail pointer in the TX path
Symptoms: Acknowledgements coming from a WIC may be lost, and the transmission may lock up. The missing acknowledgements may be recovered if the number of acknowledgements is more than one.
Conditions: This symptom is observed on a Cisco 2600 series that is configured with an ADSL or G.SHDSL WIC.
Workaround: If the transmission locks up, reset the interface. However, you can prevent the lock up from occurring by entering the tx-ring-limit ring- limit command on the PVC and by entering 24, 6, 5, or 2 for the ring- limit argument.
CSCef44193
Line-Rate on Line 0 not reported correctly
Symptom: show controller DSL may show incorrect line-rate on line 0, with Release 12.3(4)XD1. If the line trains at a slower rate than the configured rate, under certain conditions the router will display the configured rate rather than the trained rate.
Workaround: None. This is fixed in all subsequent releases.
CSCef46191
Unable to telnet
Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. All other device services will operate normally.
Conditions: User initiated specially crafted TCP connection to a telnet or reverse telnet port results in blocking further telnet sessions. Whereas, services such as packet forwarding, routing protocols and all other communication to and through the device remains unaffected.
Workaround: The detail advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml
CSCef66120
ATM MIBs not working properly for DSL WICs on c2600
Symptom: ATM Subinterfaces are not present in IF-MIB.
Conditions: Customer has a SHDSLv2 WIC operating in ATM mode.
Workaround: None
CSCeg00277
Profile attributes are ignored when certificates are matched
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
CSCeg01135
SHDSL-T1/E1 Related Commands should be Disabled for Cisco 2691 or higher
Note
CSCin70150
ATM subinterfaces are not added to ifTable in reformation images
Symptoms: ATM-related MIBS cannot be used to monitor ATM subinterfaces.
Conditions: This symptom is observed on a Cisco 2600 series and Cisco 3700 series when ATM subinterfaces are not added to the "ifTable" in ipbase-mz, ipvoice-mz, entbase-mz, and advsecurityk9-mz images of Cisco IOS software.
Workaround: None. Note that the symptom does not occur in entservicesk9-mz images of Cisco IOS software.
CSCin82407
XAUTH failure + Blank ack can allow Phase 2 negotiation
Cisco Internetwork Operating System (IOS) Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication and potentially access network resources.
This advisory will be posted to http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml
Caveat Advisories - Resolved Caveats
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Open Caveats—Cisco IOS Release 12.3(4)XD3
There are no open caveats specific to Cisco IOS Release 12.3(4)XD3 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.3(4)XD3
All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 6 Resolved Caveats for Cisco IOS Release 12.3(4)XD3
CSCed84634
Under High Link Utlization OAM may bring VC down on DSL ATM int
Symptoms: Without the solution for this problem, some of the Operation, Administration, and Maintenance (OAM) packets may be lost over a permanent virtual circuit (PVC) configured on a digital subscriber line (DSL)(either ADSL or G.SHDSL) Interface which may result in the PVC flapping (going down and coming back up). The fix for this bug would introduce delay in sending the OAM requests/replies in the order of tens of milli seconds.
Independent of this bug, the time required to send a OAM packet or respond to a OAM request packet from the far end depends the size of the data packets and the PVC bandwidth.
Workaround: In order to improve OAM response times and as a potential means to prevent the PVC going down, configure a smaller TX RING on a PVC (which will reduce the head of line delay for OAM packets) and configure larger OAM timeouts using the oam retry command and/or reducing the frequency of the the OAM packets using the oam-pvc manage <loopback frequency in seconds> command under the PVC configuration.
It is, however, important to note that for some applications, smaller TXRING values may introduce throughput loss. And the choice of TXRING value should be based on the delay requirements, if any, and the throughput.
CSCee08584
Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.
A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
Cisco has made free software upgrades available to address this vulnerability for all affected customers.
This vulnerability is documented by Cisco bug ID CSCee08584.
CSCee54372
Perf. counters rollover on the DSLAM may bring the SHDSL line down
Symptoms: The performance counter values (es, ses, crc, uas, losw) sent through the embedded operation channel (EOC) by the WIC-1SHDSL are occasionally interpreted as extremely high values by a third-party DSLAM.
For example, even though the customer premise equipment (CPE) sends 0 as the CRC value, the DSLAM displays it as 65536. Depending upon the configuration of the DSLAM, the line may come DOWN due to perceived overflow of the counters, even though there is no real overflow.
Workaround: There is no workaround.
CSCee76166
WIC-1-SHDSL-V2 may take long time to train with ECI DSLAM in 4-wire
Symptoms: When multiple virtual circuits (VC) are configured, there is a possibility of losing bandwidth for one of the VCs. This may result in packet drops if the traffic on the VC pumped to the VC-configured bandwidth.
Conditions: This will happens when more than 2 VC are configured with a specific bandwidth only.
Workaround : Reordering the VC configuration may help. There is no workaround.
Open Caveats—Cisco IOS Release 12.3(4)XD2
There are no open caveats specific to Cisco IOS Release 12.3(4)XD2 that require documentation in the release notes.
Resolved Caveats—Cisco IOS Release 12.3(4)XD2
All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD2. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Open Caveats—Cisco IOS Release 12.3(4)XD1
There are no open caveats specific to Cisco IOS Release 12.3(4)XD1 that require documentation in these release notes.
Resolved Caveats—Cisco IOS Release 12.3(4)XD1
All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD1. This section describes only severity 1 and 2 caveats and select severity 3 caveats.
Table 8 Open Caveats for Cisco IOS Release 12.3(4)XD1
CSCed27956
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSĀ® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
CSCed38527
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may get automatically re-established. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated connection which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (such as a router, switch, or computer) and not to the sessions that are only passing through the device (for example, transit traffic that is being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOSĀ® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
Open Caveats—Cisco IOS Release 12.3(4)XD
This section documents possible unexpected behavior by Cisco IOS Release 12.3(4)XD and describes only severity 1 and 2 caveats and select severity 3 caveats.
Resolved Caveats—Cisco IOS Release 12.3(4)XD
There are no resolved caveats specific to Cisco IOS Release 12.3(4)XD that require documentation in these release notes.
Guest
