

Table Of Contents

Release Notes for the Cisco VG224 Analog Gateway for Cisco IOS Release 12.3(4)XD

Contents

Inheritance Information

Introduction

Early Deployment Releases

System Requirements

Memory Recommendations

Supported Hardware

Determining Your Software Release

Upgrading to a New Software Release

Feature Support

Determining Which Software Images (Feature Sets) Support a Specific Feature

Determining Which Features Are Supported in a Specific Software Image (Feature Set)

New and Changed Information

New Hardware and Software Features in Release 12.3(4)XD3 to Release 12.3(4)XD4

New Hardware and Software Features in Release 12.3(4)XD1 to Release 12.3(4)XD3

New Hardware Features in Release 12.3(4)XD

Cisco VG224 24-Port Analog Phone Gateway

New Software Features in Release 12.3(4)XD

Cisco VG224 24 Port Analog Phone Gateway

Limitations and Restrictions

Current MIBs

Supported MIBs

Field Notices and Bulletins

Caveats

Open Caveats—Cisco IOS Release 12.3(4)XD4

Resolved Caveats—Cisco IOS Release 12.3(4)XD4

Caveat Advisories - Resolved Caveats

Open Caveats—Cisco IOS Release 12.3(4)XD3

Resolved Caveats—Cisco IOS Release 12.3(4)XD3

Open Caveats—Cisco IOS Release 12.3(4)XD2

Resolved Caveats—Cisco IOS Release 12.3(4)XD2

Open Caveats—Cisco IOS Release 12.3(4)XD1

Resolved Caveats—Cisco IOS Release 12.3(4)XD1

Open Caveats—Cisco IOS Release 12.3(4)XD

Resolved Caveats—Cisco IOS Release 12.3(4)XD


Release Notes for the Cisco VG224 Analog Gateway for Cisco IOS Release 12.3(4)XD


April 12, 2005

Cisco IOS Release 12.3(4)XD4

OL-5153-01 Rev. C0

These release notes for the Cisco VG224 analog gateway describe the product-related enhancements provided in Cisco IOS Release 12.3(4)XD4. These release notes are updated as needed.

For a list of the software caveats that apply to Cisco IOS Release 12.3(4)XD4, see the "Caveats" section. See also Caveats for Cisco IOS Release 12.3 T, which is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.

Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.3 T located on Cisco.com and the Documentation CD-ROM.

Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Contents

These release notes describe the following topics:

Inheritance Information

Introduction

Early Deployment Releases

System Requirements

New and Changed Information

Limitations and Restrictions

Current MIBs

Field Notices and Bulletins

Caveats

Inheritance Information

Cisco IOS Release 12.3(4)XD4, an early deployment release, is based on Cisco IOS Release 12.3(4)T, which in turn is based on Cisco IOS Release 12.3. Cisco IOS Release 12.3(4)T is the first early deployment maintenance release of Cisco IOS Release 12.3 T and is based on the mainline Cisco IOS Release 12.3. Refer to Table 1 for more information.

All features in Cisco IOS Release 12.3(4)T are in Cisco IOS Release 12.3(4)XD4.

Table 1 References for the Cross-Platform Release Notes for Cisco IOS Release 12.3 T and Cisco IOS Release 12.3(4)T

Topics: Determining the Software Version; Upgrading to a New Software Release
Location: To view information about these topics, click Cross-Platform System Requirements at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123reqs.htm

Topics: New and Changed Information (Feature Descriptions); MIBs; Important Notes
Location: To view information about these topics for Cisco IOS Release 12.3 T, go to http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123newf.htm, then scroll down and click New Software Features in Cisco IOS Release 12.3(4)T, MIBs, or Important Notes.

Topics: Related Documentation; Obtaining Documentation; Obtaining Technical Assistance
Location: To view information about these topics, go to http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123relnt/xprn123/123docs.htm


Introduction

Cisco IOS Release 12.3(4)XD4 supports the Cisco VG224 analog gateway.

The Cisco VG224 series is a family of analog gateways. The Cisco VG224 has 24 FXS ports, presented through an RJ-21 connector, and two 10/100BaseT interfaces.

For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.3(4)XD4, see the "New and Changed Information" section.

Early Deployment Releases

These release notes describe Cisco IOS Release 12.3(4)XD4 for the Cisco VG224 analog gateway. Cisco IOS Release 12.3(4)XD4 is an early deployment (ED) release based on Release 12.3(4)T, which in turn is based on Cisco IOS Release 12.3. Early deployment releases contain fixes to software caveats as well as support for new Cisco hardware and software features. Feature support is cumulative from release to release, unless otherwise noted.

Table 2 lists new features supported by the Cisco VG224 analog gateway in Cisco IOS Release 12.3(4)XD4. See the "Inheritance Information" section for a list of the documentation specific to the Cisco VG224 analog gateway.

Table 2 Early Deployment Release New Features for the Cisco VG224 Analog Gateway

ED Release                    Additional Software Features(1) and MIBs(2)   Additional Hardware                        Hardware Availability
Cisco IOS Release 12.3(4)XD4  None                                          None                                       None
Cisco IOS Release 12.3(4)XD3  None                                          None                                       None
Cisco IOS Release 12.3(4)XD2  None                                          None                                       None
Cisco IOS Release 12.3(4)XD1  None                                          None                                       None
Cisco IOS Release 12.3(4)XD   Cisco VG224 24 Port Analog Phone Gateway      Cisco VG224 24-Port Analog Phone Gateway   Now

(1) Only major features are listed.

(2) MIB = Management Information Base


System Requirements

This section describes the system requirements for Cisco IOS Release 12.3(4)XD4 and includes the following sections:

Memory Recommendations

Supported Hardware

Determining Your Software Release

Upgrading to a New Software Release

Feature Support

Memory Recommendations

Table 3 lists the memory recommendations of the Cisco IOS feature sets for the Cisco VG224 analog gateway for Cisco IOS Release 12.3(4)XD4.

The Cisco VG224 analog gateway is available with a 32-MB Flash memory card.

Table 3 Cisco Release 12.3(4)XD4 Memory Recommendations for the Cisco VG224 Analog Gateway

Feature Set                     Software Image    Recommended Flash Memory   Recommended DRAM Memory   Runs From

Cisco VG224
IP Subset/IPSEC 64 Bit/Voice    vg224-i6k9s-mz    32 MB                      64 MB                     RAM
IP Subset/Voice                 vg224-i6s-mz      32 MB                      64 MB                     RAM


Supported Hardware

Cisco IOS Release 12.3(4)XD4 supports the following platforms:

Cisco VG224 analog gateway

For detailed descriptions of the new hardware features, see the "New and Changed Information" section.

For information about supported hardware for this platform and release, refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:

http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi

Determining Your Software Release

To determine the version of Cisco IOS software running on the Cisco VG224 analog gateway, log in to the gateway and enter the show version EXEC command:

Router> show version
Cisco IOS Software, vg224 Software (vg224-I6K9S-M), Version 
12.3(4)XD,  RELEASE SOFTWARE (fc1) 
TAC Support: http://www.cisco.com/tac 
Copyright (c) 1986-2003 by Cisco Systems, Inc. 

Upgrading to a New Software Release

For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at: http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm.

Feature Support

Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains a specific set of Cisco IOS features.

To improve the usability of the release notes documentation, the Cisco IOS Release 12.3(4)XD release notes no longer contain the feature set tables. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.

Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp

For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:

http://www.cisco.com/support/FeatureNav/FNFAQ.html


Caution Cisco IOS images with strong encryption (including, but not limited to 168-bit (3DES) data encryption feature sets) are subject to U.S. government export controls and have limited distribution. Strong encryption images to be installed outside the United States are likely to require an export license. Customer orders may be denied or subject to delay because of U.S. government regulations. When applicable, the purchaser/user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or send an e-mail to export@cisco.com.

Determining Which Software Images (Feature Sets) Support a Specific Feature

To determine which software images (feature sets) in Cisco IOS Release 12.3(4)XD4 support a specific feature, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:


Step 1 From the Cisco Feature Navigator home page, click Feature.

Step 2 To find a feature, choose either Search by full or partial feature name or Browse features in alphabetical order. Either a list of features that match the search criteria or a list of features that begin with the number or letter selected from the ordered list appear.

Step 3 Select a feature from the left text box and click Add.


Note To learn more about a feature in the list, click Description.


Repeat this step to add additional features. You can choose a maximum of 20 features for a single search.

Step 4 Click Continue.

Step 5 From the Major Release drop-down menu, choose 12.3T.

Step 6 From the Release drop-down menu, choose the appropriate maintenance release.

Step 7 From the Platform Family drop-down menu, choose the appropriate hardware platform. All software images (feature sets) that support the features that you selected appear.


Determining Which Features Are Supported in a Specific Software Image (Feature Set)

To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.3(4)XD4, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:


Step 1 From the Cisco Feature Navigator home page, click Compare/Release.

Step 2 In the "Find the features in a specific Cisco IOS release, using one of the following methods:" box, choose 12.3 T from the Cisco IOS Major Release drop-down menu.

Step 3 Click Continue.

Step 4 From the Release drop-down menu, choose the appropriate maintenance release.

Step 5 From the Platform Family drop-down menu, choose the appropriate hardware platform.

Step 6 From the Feature Set drop-down menu, choose the appropriate feature set. All features that are supported by the feature set (software image) that you selected appear.


New and Changed Information

The following sections list the new hardware products and software features supported by the Cisco VG224 analog gateway in Cisco IOS Release 12.3(4)XD4.

New Hardware and Software Features in Release 12.3(4)XD3 to Release 12.3(4)XD4

No new hardware products or software features are supported in Cisco IOS Release 12.3(4)XD3 to Release 12.3(4)XD4.

New Hardware and Software Features in Release 12.3(4)XD1 to Release 12.3(4)XD3

No new hardware products or software features are supported in Cisco IOS Release 12.3(4)XD1 to Release 12.3(4)XD3.

New Hardware Features in Release 12.3(4)XD

The following new hardware product is supported in Cisco IOS Release 12.3(4)XD:

Cisco VG224 24-Port Analog Phone Gateway

Cisco VG224 is a 24-port analog phone gateway based on Cisco IOS software. The platform has 24 FXS ports, presented through an RJ-21 connector, and two 10/100BaseT interfaces. Cisco VG224 is supported on CCM Release 3.2 or later.

New Software Features in Release 12.3(4)XD

The following new software feature is supported by the Cisco VG224 analog gateway in Cisco IOS Release 12.3(4)XD:

Cisco VG224 24 Port Analog Phone Gateway

Cisco VG224 24 Port Analog Phone Gateway

Cisco VG224 is a 24-port analog phone gateway based on Cisco IOS software. Cisco VG224 enables VoIP technology (AVVID-based architectures with Cisco CallManager as call control) to be combined with TDM analog endpoints (analog phones, fax machines, analog modems). Cisco VG224 is supported on CCM Release 3.2 or later.

Limitations and Restrictions

Refer to each feature for individual limitations and restrictions.

Current MIBs

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Supported MIBs

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

Field Notices and Bulletins

Field Notices—Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/770/index.shtml. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/770/index.shtml.

Product Bulletins—If you have an account on Cisco.com, you can find product bulletins at http://www.cisco.com/warp/customer/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.

What's New for IOS—What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software: What's New for IOS.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only selected severity 3 caveats are included in the caveats document.

This section contains open and resolved caveats for the current Cisco IOS maintenance release.

All caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T are also in Cisco IOS Release 12.3(4)XD4.

For information on caveats in Cisco IOS Release 12.3 and Cisco IOS Release 12.3 T, see Caveats for Cisco IOS Release 12.3 T. These documents list severity 1 and severity 2 caveats and only selected severity 3 caveats, and are located on Cisco.com and the Documentation CD-ROM.

Caveat numbers and brief descriptions for Release 12.3(4)XD4 are listed in this section.


Note If you have an account on Cisco.com, you can use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com by clicking the Log In button on the right side, go to the drop-down menu on the top bar of the page and select Technical Support: Tools & Utilities: Software Bug Toolkit (under Troubleshooting Tools). Another option is to enter the following URL in your web browser or go to
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl


Open Caveats—Cisco IOS Release 12.3(4)XD4

There are no open caveats specific to Cisco IOS Release 12.3(4)XD4 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.3(4)XD4

All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD4. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 4 Resolved Caveats for Cisco IOS Release 12.3(4)XD4 

DDTS ID Number
Description

CSCeb88239

const2:crash RIPv6_input after sending 1 packet to FF02::9 M/cast Ad

Symptoms: A router that runs RIPng may crash after receiving a malformed RIPng packet, causing a Denial of Service (DoS) on the device.

Conditions: This symptom is observed when the ipv6 debug rip command is entered on the router. Malformed packets can normally be sent locally. However, when the ipv6 debug rip command is entered, the crash can also be triggered remotely.

Note RIP for IPv4 is not affected by this vulnerability.

Workaround: None.

CSCec79609

MLPoA: Multilink interface comes up as Virtual-Access

Symptoms: A Multilink PPP over ATM (MLPoA) bundle that is configured by using a multilink interface may come up as a virtual-access interface, but the multilink interface may remain inactive as an MLP bundle.

Conditions: This symptom is observed after a bundle reset, which may be triggered by entering the clear interface user EXEC or privileged EXEC command for the multilink interface or for a virtual-access member.

Workaround: None

CSCec88490

Cosmetic Display CLI Related Issues

Symptom: When doing a line-mode 2-wire ? in ATM mode on WIC-1SHDSL-V2, the help text displays incorrect mapping between the line number & the pins used.

Explanation: When the DSL controller needs to be configured in 2-wire ATM mode, the line to be used has to be specified. In the help to choose the line, the pins used should be specified as:

line-one   Line one (RJ-11 pins 2&5)
line-zero  Line zero (RJ-11 pins 3&4)

Instead the pins used are specified as:

line-one   Line one (RJ-11 pins 3&4)
line-zero  Line zero (RJ-11 pins 2&5)

Conditions: WIC-1SHDSL-V2 in ATM mode.

Workaround: None

CSCed21034

atmVclTable maps all PVCs to all subinterfaces

Symptoms:

-Each ATM PVC is linked to each ATM (sub)interface in the atmVclTable.

-The atmVclTable is indexed by ifIndex. For a specific PVC, this should point to the ifIndex/interface on which this PVC is present. However, the atmVclTable contains one entry per ifIndex for each PVC.

Conditions: These symptoms are observed in a Cisco IOS image that contains the fix for CSCea63829.

Workaround: None

CSCed78149

TCP connections doing PMTU discovery vulnerable to spoofed ICMP pkts

Symptoms: TCP connections may be vulnerable to spoofed ICMP packets. A spoofed ICMP packet may cause the TCP connection to use a very low segment size for 10 minutes at a time.

Conditions: This symptom is observed when TCP connections are configured for PMTU discovery. Note that PMTU discovery is disabled by default on a router.

Workaround: Disable PMTU discovery.

CSCee14958

Clock glitch in the Spock FPGA and SCC sync/idle flags correction

Symptoms: A SAR on a DSL WIC may cause reduced throughput, an increase in delay, or both because the bandwidth that is configured for the VC may be corrupted.

Conditions: This symptom is observed on a Cisco 3700 series.

Workaround: None

CSCee56149

DSLSAR: Incorrect sequence of TSI and tail pointer in the TX path

Symptoms: Acknowledgements coming from a WIC may be lost, and the transmission may lock up. The missing acknowledgements may be recovered if the number of acknowledgements is more than one.

Conditions: This symptom is observed on a Cisco 2600 series that is configured with an ADSL or G.SHDSL WIC.

Workaround: If the transmission locks up, reset the interface. However, you can prevent the lock up from occurring by entering the tx-ring-limit ring-limit command on the PVC and by entering 24, 6, 5, or 2 for the ring-limit argument.

CSCef44193

Line-Rate on Line 0 not reported correctly

Symptom: show controller DSL may show incorrect line-rate on line 0, with Release 12.3(4)XD1. If the line trains at a slower rate than the configured rate, under certain conditions the router will display the configured rate rather than the trained rate.

Workaround: None. This is fixed in all subsequent releases.

CSCef46191

Unable to telnet

Symptoms: A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet port of a Cisco device running Internetwork Operating System (IOS) may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions established prior to exploitation are not affected. All other device services will operate normally.

Conditions: A user-initiated, specially crafted TCP connection to a telnet or reverse telnet port results in further telnet sessions being blocked, whereas services such as packet forwarding, routing protocols, and all other communication to and through the device remain unaffected.

Workaround: The detailed advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

CSCef66120

ATM MIBs not working properly for DSL WICs on c2600

Symptom: ATM Subinterfaces are not present in IF-MIB.

Conditions: Customer has a SHDSLv2 WIC operating in ATM mode.

Workaround: None

CSCeg01135

SHDSL-T1/E1 Related Commands should be Disabled for Cisco 2691 or higher

Note T1/E1 mode for WIC-1SHDSL-V2 cards is not supported. Commands related to T1/E1 should not be used.

CSCin70150

ATM subinterfaces are not added to ifTable in reformation images

Symptoms: ATM-related MIBS cannot be used to monitor ATM subinterfaces.

Conditions: This symptom is observed on a Cisco 2600 series and Cisco 3700 series when ATM subinterfaces are not added to the "ifTable" in ipbase-mz, ipvoice-mz, entbase-mz, and advsecurityk9-mz images of Cisco IOS software.

Workaround: None. Note that the symptom does not occur in entservicesk9-mz images of Cisco IOS software.
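As an added example, not code from Cisco or from these release notes, the following Python script turns two of the checks described above into something an operator can run over captured output. It parses the show version banner from the "Determining Your Software Release" section into its release-train components, decides whether the running image is at or above 12.3(4)XD4 (the release in which Table 4 lists CSCed78149 as resolved), and, when it is not, looks in a running-config fragment for the IOS global command ip tcp path-mtu-discovery so that the "Disable PMTU discovery" workaround can be flagged. That command name is an assumption on the part of this example (the notes only state that PMTU discovery is off by default), and the running-config sample is constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# The `show version` banner shown in the "Determining Your Software Release"
# section (constructed test input; the line break after "Version" is as printed).
SHOW_VERSION_XD = """\
Router> show version
Cisco IOS Software, vg224 Software (vg224-I6K9S-M), Version
12.3(4)XD,  RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2003 by Cisco Systems, Inc.
"""

# Constructed running-config fragment. `ip tcp path-mtu-discovery` is assumed
# here to be the IOS global command that turns TCP PMTU discovery on; the
# release notes themselves only say PMTUD is disabled by default.
RUNNING_CONFIG = """\
hostname vg224-lab
ip tcp path-mtu-discovery
!
interface FastEthernet0/0
 ip address 192.0.2.10 255.255.255.0
"""

FIXED_IN = "12.3(4)XD4"   # release whose Table 4 lists CSCed78149 as resolved

VERSION_RE = re.compile(r"(\d+)\.(\d+)\((\d+)\)([A-Z]*)(\d*)")
IMAGE_RE = re.compile(r"Software \(([^)]+)\)")
PMTUD_RE = re.compile(r"^\s*ip tcp path-mtu-discovery\b", re.MULTILINE)


@dataclass(frozen=True)
class IosVersion:
    major: int
    minor: int
    maint: int      # maintenance number, the part in parentheses
    train: str      # release train letters, e.g. "XD" or "T"; "" for mainline
    rebuild: int    # trailing rebuild number; 0 when absent, so 12.3(4)XD == XD0

    @classmethod
    def parse(cls, text: str) -> "IosVersion":
        m = VERSION_RE.search(text)
        if not m:
            raise ValueError(f"no IOS version string in {text!r}")
        major, minor, maint, train, rebuild = m.groups()
        return cls(int(major), int(minor), int(maint), train, int(rebuild or 0))

    @classmethod
    def from_show_version(cls, output: str) -> "IosVersion":
        # `\s+` absorbs the line break that `show version` puts after "Version".
        m = re.search(r"Version\s+(\S+)", output)
        if not m:
            raise ValueError("no 'Version' field in show version output")
        return cls.parse(m.group(1))

    def __str__(self) -> str:
        return f"{self.major}.{self.minor}({self.maint}){self.train}{self.rebuild or ''}"

    def is_at_least(self, other: "IosVersion") -> Optional[bool]:
        """Compare two releases on the same train. Returns None when the trains
        differ (e.g. 12.3(4)T vs 12.3(4)XD4): fix inheritance across trains is
        documented, not computable from the numbers."""
        if self.train != other.train:
            return None
        return (self.major, self.minor, self.maint, self.rebuild) >= \
               (other.major, other.minor, other.maint, other.rebuild)


def image_name(output: str) -> Optional[str]:
    m = IMAGE_RE.search(output)
    return m.group(1) if m else None


def pmtud_enabled(config: str) -> bool:
    # A "no ip tcp path-mtu-discovery" line does not match: the line must start with "ip".
    return PMTUD_RE.search(config) is not None


def assess(show_version_output: str, running_config: str) -> dict:
    """Report whether the gateway already runs the release that resolves the
    Table 4 caveats and, if not, whether the CSCed78149 workaround applies."""
    running = IosVersion.from_show_version(show_version_output)
    patched = running.is_at_least(IosVersion.parse(FIXED_IN))
    findings = []
    if patched is None:
        findings.append(f"{running} is on a different train than {FIXED_IN}; check inheritance manually")
    elif not patched:
        findings.append(f"{running} predates {FIXED_IN}; resolved caveats in Table 4 still apply")
        if pmtud_enabled(running_config):
            findings.append("CSCed78149: TCP PMTU discovery is enabled; disable it until upgraded")
    return {"image": image_name(show_version_output), "version": str(running),
            "patched": patched, "findings": findings}


if __name__ == "__main__":
    for key, value in assess(SHOW_VERSION_XD, RUNNING_CONFIG).items():
        print(f"{key}: {value}")
```

Run against the banner from the notes, the script reports image vg224-I6K9S-M, version 12.3(4)XD, patched False, and two findings: the image predates 12.3(4)XD4, and PMTU discovery is enabled so the CSCed78149 workaround applies. Comparing across trains (12.3(4)T against 12.3(4)XD4) deliberately returns None rather than guessing, because the "Inheritance Information" section, not the version numbers, says which fixes carry over.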


Caveat Advisories - Resolved Caveats

CSCef60659: More stringent checks required for ICMP unreachables

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
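The "more stringent checks" named in the CSCef60659 title are, in the Internet Draft the advisory cites, validation of the TCP segment quoted inside an ICMP error before TCP acts on it. The Python below is an added example written for these notes; it is not Cisco code and not the IOS implementation. It builds a few constructed ICMP errors against one constructed telnet connection and shows a receiver (1) matching the quoted 4-tuple to a connection it actually holds, (2) requiring the quoted sequence number to lie in the send window, and (3) applying a per-type policy: source quench is ignored, a fragmentation-needed message advertising an MTU below the IPv4 minimum is dropped, and a "hard" error on an established connection is treated as soft instead of aborting the connection. The packet layout follows RFC 792 and RFC 1191; the connection state, addresses and policy constants are this example's own assumptions.

```python
import socket
import struct
from dataclasses import dataclass
from typing import Optional

ICMP_DEST_UNREACH = 3
ICMP_SOURCE_QUENCH = 4
CODE_FRAG_NEEDED = 4
IPV4_MIN_MTU = 68          # RFC 791 minimum; a frag-needed message advertising less is bogus


@dataclass(frozen=True)
class TcpConn:
    """Minimal TCP connection state as seen by the host that owns it (constructed)."""
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    snd_una: int   # oldest sequence number sent but not yet acknowledged
    snd_nxt: int   # next sequence number this host will send


@dataclass(frozen=True)
class Verdict:
    action: str            # "drop", "pmtu" or "soft_error"
    reason: str
    mtu: Optional[int] = None


def build_icmp_error(icmp_type, code, mtu, src_ip, dst_ip, sport, dport, seq):
    """Construct an ICMP error as a host receives it: 8-byte ICMP header, then the
    offending packet's IPv4 header and the first 8 bytes of its TCP header
    (ports + sequence number). Checksums are left zero: this is sample data."""
    icmp_hdr = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp8 = struct.pack("!HHI", sport, dport, seq)
    return icmp_hdr + ip_hdr + tcp8


def _in_send_window(conn, seq):
    """SND.UNA <= seq < SND.NXT, computed modulo 2^32 so wraparound is handled."""
    return (seq - conn.snd_una) % (1 << 32) < (conn.snd_nxt - conn.snd_una) % (1 << 32)


def validate_icmp_error(packet, conns):
    """Decide what TCP should do with an incoming ICMP error message."""
    if len(packet) < 8 + 20 + 8:
        return Verdict("drop", "truncated: embedded TCP header missing")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", packet[:8])
    inner = packet[8:]
    ihl = (inner[0] & 0x0F) * 4
    if ihl < 20 or len(inner) < ihl + 8:
        return Verdict("drop", "malformed embedded IP header")
    if inner[9] != 6:
        return Verdict("drop", "embedded packet is not TCP")
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])

    # Check 1: the quoted segment must be one this host sent on a connection it holds.
    conn = next((c for c in conns
                 if (c.local_ip, c.local_port, c.remote_ip, c.remote_port)
                 == (src, sport, dst, dport)), None)
    if conn is None:
        return Verdict("drop", "no matching connection for quoted 4-tuple")

    # Check 2: the quoted sequence number must be in flight. Knowing the 4-tuple
    # alone is then not enough to get an error message accepted.
    if not _in_send_window(conn, seq):
        return Verdict("drop", "quoted sequence number not in send window")

    # Check 3: per-type policy.
    if icmp_type == ICMP_SOURCE_QUENCH:
        return Verdict("drop", "source quench is ignored entirely")
    if icmp_type == ICMP_DEST_UNREACH and code == CODE_FRAG_NEEDED:
        if mtu < IPV4_MIN_MTU:
            return Verdict("drop", "advertised MTU below IPv4 minimum")
        return Verdict("pmtu", "valid frag-needed; lower path MTU", mtu)
    if icmp_type == ICMP_DEST_UNREACH:
        # Hard errors on an established connection are downgraded to soft: keep the connection.
        return Verdict("soft_error", "hard error treated as soft on established connection")
    return Verdict("drop", "ICMP type not handled by TCP")


# Constructed sample: one telnet session on a gateway and five ICMP errors,
# only one of which should be honoured.
CONN = TcpConn("192.0.2.10", 23, "198.51.100.7", 40000, snd_una=1000, snd_nxt=1500)
SAMPLES = {
    "legit_frag_needed": build_icmp_error(3, 4, 1400, "192.0.2.10", "198.51.100.7", 23, 40000, 1200),
    "spoofed_bad_seq":   build_icmp_error(3, 4, 296,  "192.0.2.10", "198.51.100.7", 23, 40000, 777777),
    "spoofed_tiny_mtu":  build_icmp_error(3, 4, 40,   "192.0.2.10", "198.51.100.7", 23, 40000, 1200),
    "source_quench":     build_icmp_error(4, 0, 0,    "192.0.2.10", "198.51.100.7", 23, 40000, 1200),
    "port_unreachable":  build_icmp_error(3, 3, 0,    "192.0.2.10", "198.51.100.7", 23, 40000, 1200),
}


def run_samples():
    return {name: validate_icmp_error(pkt, [CONN]) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, v in run_samples().items():
        extra = f" (mtu={v.mtu})" if v.mtu else ""
        print(f"{name:20s} -> {v.action:10s} {v.reason}{extra}")
```

Of the five sample messages only legit_frag_needed is acted on (path MTU lowered to 1400); the message with a sequence number outside the send window is dropped before its MTU is even looked at, which is the check that distinguishes a real error from a blind spoof. Note that the sequence-number check does not help against an attacker who can see the connection's traffic, which is why the draft pairs it with the per-type policies in check 3.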

CSCsa59600: IPSec PMTUD not working [after CSCef44225]

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef43691: L2TPv3 and UTI sessions doing PMTUD vulnerable to spoofed ICMP paks

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef44225: IPSec (ESP-AH) doing PMTUD vulnerable to spoofed ICMP packets

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef44699: GRE and IPinIP doing PMTUD vulnerable to spoofed ICMP packets

A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef61610: Incorrect handling of ICMPv6 messages can cause TCP performance problems

This caveat is addressed by the same advisory as CSCef44699, above (ICMP attacks against TCP; the three attack classes, impact, and fixed software are described there): http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml. NISCC's coordinated posting is at http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCsa61864: Enhancements to L2TPv3 PMTUD may not work [Follow-up to CSCef43691]

This caveat is addressed by the same advisory as CSCef44699, above (ICMP attacks against TCP; the three attack classes, impact, and fixed software are described there): http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml. NISCC's coordinated posting is at http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCed78149: TCP connections doing PMTU discovery vulnerable to spoofed ICMP pkts

This caveat is addressed by the same advisory as CSCef44699, above (ICMP attacks against TCP; the three attack classes, impact, and fixed software are described there): http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml. NISCC's coordinated posting is at http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCsa52807: L2TP doing PMTUD vulnerable to spoofed ICMP paks

This caveat is addressed by the same advisory as CSCef44699, above (ICMP attacks against TCP; the three attack classes, impact, and fixed software are described there): http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml. NISCC's coordinated posting is at http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

Open Caveats—Cisco IOS Release 12.3(4)XD3

There are no open caveats specific to Cisco IOS Release 12.3(4)XD3 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.3(4)XD3

All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD3. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 5 Resolved Caveats for Cisco IOS Release 12.3(4)XD3

DDTS ID Number
Description

CSCed84634

Under High Link Utilization OAM may bring VC down on DSL ATM int

Symptoms: Without the fix for this problem, some Operation, Administration, and Maintenance (OAM) packets may be lost over a permanent virtual circuit (PVC) configured on a digital subscriber line (DSL) interface (either ADSL or G.SHDSL), which may result in the PVC flapping (going down and coming back up). The fix for this bug introduces a delay, on the order of tens of milliseconds, in sending OAM requests and replies.

Independent of this bug, the time required to send an OAM packet or to respond to an OAM request packet from the far end depends on the size of the data packets and the PVC bandwidth.

Workaround: To improve OAM response times, and as a potential means of preventing the PVC from going down, configure a smaller TX ring on the PVC (which reduces the head-of-line delay for OAM packets), configure larger OAM timeouts using the oam retry command, and/or reduce the frequency of the OAM packets using the oam-pvc manage <loopback frequency in seconds> command under the PVC configuration.

Note, however, that for some applications smaller TX ring values may introduce throughput loss. The choice of TX ring value should be based on the delay requirements, if any, and on the required throughput.

CSCee01387

Packet Dropping at High Throughput and Small packet Size

Symptoms: Packet dropping is observed on 12.3(7.4)PI4 on a 4-wire DSL ATM interface with one PVC configured with vbr-nrt 4608 4608, when packets are sent from a SmartBit tester with a 70-byte IP packet size (84 bytes at the SmartBit) at 5432 pps. The ATM interface has a 5.3 Mb clock.

Workaround: None

CSCee08584

Cisco Internetwork Operating System (IOS) Software release trains 12.1YD, 12.2T, 12.3 and 12.3T, when configured for Cisco's IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) may contain a vulnerability in processing certain malformed control protocol messages.

A successful exploitation of this vulnerability may cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS). This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

Cisco has made free software upgrades available to address this vulnerability for all affected customers.

This vulnerability is documented by Cisco bug ID CSCee08584.

CSCee54372

Perf. counters rollover on the DSLAM may bring the SHDSL line down

Symptoms: The performance counter values (es, ses, crc, uas, losw) sent through the embedded operation channel (EOC) by the WIC-1SHDSL are occasionally interpreted as extremely high values by a third-party DSLAM.

For example, even though the customer premise equipment (CPE) sends 0 as the CRC value, the DSLAM displays it as 65536. Depending upon the configuration of the DSLAM, the line may come DOWN due to perceived overflow of the counters, even though there is no real overflow.

Workaround: None

CSCee76166

WIC-1-SHDSL-V2 may take long time to train with ECI DSLAM in 4-wire

Symptoms: When multiple virtual circuits (VCs) are configured, one of the VCs may lose bandwidth. This may result in packet drops if the traffic on that VC is pumped up to the VC's configured bandwidth.

Conditions: This happens only when more than 2 VCs are configured, each with a specific bandwidth.

Workaround: Reordering the VC configuration may help; otherwise, there is no workaround.


Open Caveats—Cisco IOS Release 12.3(4)XD2

There are no open caveats specific to Cisco IOS Release 12.3(4)XD2 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.3(4)XD2

All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD2. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 6 Resolved Caveats for Cisco IOS Release 12.3(4)XD2

DDTS ID Number
Description

CSCed72331

Internal serial interface messages pop up on SHDSL interface reset

Symptom: The internal serial interface UP/DOWN message is seen on the console when [no] mode atm is configured in the WIC-1SHDSL-V2 module. This is seen only when the WAN interface card (WIC) is placed in a Cisco 2691 or Cisco 37xx motherboard. The internal serial interface message is not seen with Cisco 26xx and Fast Ethernet network module (FE NM) platforms.

The same problem is seen with the WIC-1SHDSL module on the Cisco 2691 or Cisco 37xx platforms when the router boots up.

Workaround: There is no workaround.

CSCed29194

Message Display Issue:aal2_vc_sar_info_remove

Symptom: A message "aal2_vc_sar_info_remove" appears while configuring the non AAL2 virtual circuit in a subinterface.

Workaround: There is no workaround. This problem does not harm any functionality. For some customers, unwanted messages are unlikely to be seen popping up during permanent virtual circuit (PVC) configuration.

CSCea58939

Path confm fails on shut/no shut on WIC-GSHDSL with NM-HDV

Symptom: Path confirmation failure messages are observed when VOIP calls are being set up and torn down using an Abacus tester while the WIC-GSHDSL module (which is not in the data path) is shut and then no shut.

Conditions:

Cisco 2600, Cisco 2691, and Cisco 3700 routers

Any existing images

VOIP calls are continually set up and torn down with the Abacus tester such that a high number of calls are made quickly. The more calls are made, the more easily this problem occurs.

The WIC-GSHDSL (which is not even in the data path) is shut, and then the no shut command is entered, while these VOIP calls are being made.

Workaround: Do not make VOIP calls while issuing a no shut command to the WIC-GSHDSL module. Wait until the WIC-GSHDSL is up.

Further Problem Description:

The problem is likely to occur also on the WIC-1-ADSL and WIC-1-GSHDSL-V2 modules.

The problem is likely to be caused by xDSL WICs taking too much CPU time during the no shut command.

CSCed50752

sh controller dsl is up but atm interface is down.

Symptom: WIC-1-SHDSL-V2 DSL interface may be up but ATM is down.

Conditions:

Cisco 2600, Cisco 2691, and Cisco 3700 routers

Any existing images

Workaround: There is no workaround. The ATM interface does not come up with the shut and no shut commands.

Further Problem Description: This is only specific to WIC-1-SHDSL-V2 WIC.

CSCed71659

CoS Configuration under ATM Interface after Reload Router

Symptom: On the WIC-1SHDSL-V2 module with certain DSL data rates (rates greater than 2304), configured class services like VBR-NRT 3200 3200 1 could be missing after the router is reloaded.

Workaround: Enable the missing configuration again after reload.

CSCed14031

EOC msg 17 not received by WIC-1SHDSL and WIC-1SHDSL-V2 from Alcatel DSLAM.

Symptom: Embedded operations channel (EOC) message 17 is not received by the WIC-1SHDSL and WIC-1SHDSL-V2 even though a certain third-party digital subscriber line access multiplexer (DSLAM) sends it periodically. This is because that DSLAM sends message 11 and message 17 with only one 7E flag between them, whereas the firmware generates the GTI_EOM interrupt only on two consecutive 7Es. Hence, message 17 is not processed by the customer premise equipment (CPE) (SHDSL WIC). The problem has no impact on functionality or the user interface.

Workaround: There is no workaround.

CSCed81135

Trace backs appear when WIC-1-SHDSL-V2 is connected to ECI DSLAM.

Symptom: This problem is seen with the ECI digital subscriber line access multiplexer (DSLAM) when the WIC-1-SHDSL-V2 module is configured in 4-wire mode. It is caused by a large number of embedded operations channel (EOC) messages and does not impact any functionality. The problem has not been seen with other DSLAMs yet, but it could occur whenever a DSLAM sends a large number of EOC messages or EOC packets with a bad frame check sequence (FCS).

Workaround: There is no workaround.

CSCed93090

Line-mode CLI does not have option for auto line mode selection.

Symptom: DSL line training stops if the digital subscriber line access multiplexer (DSLAM) switches from 2-wire to 4-wire mode or from 4-wire to 2-wire mode.

Conditions: The WIC-1-SHDSL-V2 module does not train with the DSLAM unless the line-mode configuration is changed to match. If the line mode does not match the DSLAM, the line may not train after the DSLAM switches from 2-wire mode to 4-wire mode or from 4-wire mode to 2-wire mode.

Workaround: Change the CPE line-mode configuration to match the DSLAM line-mode configuration.


Open Caveats—Cisco IOS Release 12.3(4)XD1

There are no open caveats specific to Cisco IOS Release 12.3(4)XD1 that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.3(4)XD1

All the caveats listed in this section are resolved in Cisco IOS Release 12.3(4)XD1. This section describes only severity 1 and 2 caveats and select severity 3 caveats.

Table 7 Resolved Caveats for Cisco IOS Release 12.3(4)XD1

DDTS ID Number
Description

CSCed27956

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been discovered by an external researcher. Successful exploitation enables an adversary to reset any established TCP connection in a much shorter time than was previously discussed publicly. Depending on the application, the connection may be re-established automatically. In other cases, a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending on the attacked protocol, a successful attack may have additional consequences beyond a terminated connection, which must be considered. This attack vector applies only to sessions that terminate on a device (such as a router, switch, or computer) and not to sessions that merely pass through the device (for example, transit traffic being routed by a router). In addition, this attack vector does not directly compromise data integrity or confidentiality.

All Cisco products that contain a TCP stack are susceptible to this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.

A companion advisory that describes this vulnerability for products that do not run Cisco IOS software is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.

CSCed38527

This caveat is addressed by the same TCP reset advisory as CSCed27956, above: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml (companion advisory for products that do not run Cisco IOS software: http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml).
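Added example, not Cisco's code: a defender-side check of the kind that the ICMP-attacks advisory (CSCef44699 and related caveats, above) and the TCP reset advisory (CSCed27956) motivate, written in Python against a constructed connection table. It honours an ICMP error only when the quoted IP/TCP header matches an active connection with an in-flight sequence number, and accepts a RST only when its sequence number is exactly the next expected one; the Conn dataclass, the addresses, ports and sequence numbers are constructed sample values, not taken from the release notes.

```python
import struct
from dataclasses import dataclass
from ipaddress import ip_address

SEQ_MOD = 1 << 32          # TCP sequence numbers wrap modulo 2^32
IPV4_MIN_MTU = 68          # RFC 791 minimum; a smaller reported MTU is implausible

@dataclass
class Conn:
    """One established TCP connection as the defending host sees it (constructed)."""
    local: str
    lport: int
    remote: str
    rport: int
    snd_una: int   # oldest unacknowledged byte this host sent
    snd_nxt: int   # next sequence number this host will send
    rcv_nxt: int   # next sequence number expected from the peer
    rcv_wnd: int   # receive window this host advertised

def in_window(seq: int, start: int, size: int) -> bool:
    """True if seq lies in [start, start + size) using modulo-2^32 arithmetic."""
    return (seq - start) % SEQ_MOD < size

def build_icmp_error(itype, code, mtu, src, dst, sport, dport, seq) -> bytes:
    """Constructed ICMP error quoting the IP header + first 8 TCP bytes of a datagram."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, 6, 0,
                           ip_address(src).packed, ip_address(dst).packed)
    inner_tcp = struct.pack("!HHI", sport, dport, seq)
    return struct.pack("!BBHHH", itype, code, 0, 0, mtu) + inner_ip + inner_tcp

def classify_icmp(msg: bytes, conns: list) -> str:
    """Decide whether an ICMP error may act on a connection (RFC 5927-style checks)."""
    itype, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    ihl = (msg[8] & 0x0F) * 4                       # length of the quoted IP header
    src = str(ip_address(msg[20:24]))               # quoted IP source (fixed offset 12)
    dst = str(ip_address(msg[24:28]))               # quoted IP destination (offset 16)
    sport, dport, seq = struct.unpack("!HHI", msg[8 + ihl:8 + ihl + 8])
    # The quoted datagram is one this host sent, so src/sport are the local side.
    conn = next((c for c in conns
                 if (c.local, c.lport, c.remote, c.rport) == (src, sport, dst, dport)), None)
    if conn is None:
        return "drop: no matching connection"
    if not in_window(seq, conn.snd_una, (conn.snd_nxt - conn.snd_una) % SEQ_MOD):
        return "drop: quoted sequence number is not in flight"
    if itype == 3 and code == 4:                    # fragmentation needed (PMTUD)
        if mtu < IPV4_MIN_MTU:
            return "drop: implausible MTU"
        return f"accept: lower path MTU to {mtu}"
    if itype == 3 and code in (2, 3):               # protocol/port unreachable ("hard")
        return "soft: report to application, keep connection"
    if itype == 4:                                  # source quench
        return "ignore: source quench is not acted on"
    return "ignore: unhandled ICMP type"

def classify_rst(seq: int, conn: Conn) -> str:
    """RFC 5961-style RST handling: exact match resets, in-window is challenged."""
    if seq == conn.rcv_nxt:
        return "accept: reset connection"
    if in_window(seq, conn.rcv_nxt, conn.rcv_wnd):
        return "challenge: send ACK, do not reset"
    return "drop: out of window"
```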


Open Caveats—Cisco IOS Release 12.3(4)XD

There are no open caveats specific to Cisco IOS Release 12.3(4)XD that require documentation in the release notes.

Resolved Caveats—Cisco IOS Release 12.3(4)XD

There are no resolved caveats specific to Cisco IOS Release 12.3(4)XD that require documentation in the release notes.