 Feedback
|
Table Of Contents
Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E
Current Release Image Names for ATM Modules
Software Releases and Orderable Product Number Matrix
Usage Guidelines and Restrictions
New Features in Release 12.1(27b)E4
New Features in Release 12.1(27b)E3
New Features in Release 12.1(27b)E2
New Features in Release 12.1(27b)E1
New Features in Release 12.1(27b)E
New Features in Release 12.1(26)E9
New Features in Release 12.1(26)E8
New Features in Release 12.1(26)E7
New Features in Release 12.1(26)E6
New Features in Release 12.1(26)E5
New Features in Release 12.1(26)E4
New Features in Release 12.1(26)E3
New Features in Release 12.1(26)E2
New Features in Release 12.1(26)E1
New Features in Release 12.1(26)E
New Features in Release 12.1(23)E4
New Features in Release 12.1(23)E3
New Features in Release 12.1(23)E1
New Features in Release 12.1(23)E
New Features in Release 12.1(22)E6
New Features in Release 12.1(22)E4
New Features in Release 12.1(22)E1
New Features in Release 12.1(22)E
New Features in Release 12.1(20)E6
New Features in Release 12.1(20)E3
New Features in Release 12.1(20)E1
New Features in Release 12.1(20)E
New Features in Release 12.1(19)E2
New Features in Release 12.1(19)E
New Features in Release 12.1(14)E4
New Features in Release 12.1(14)E1
New Features in Release 12.1(13)E
New Features in Release 12.1(12c)E1
New Features in Release 12.1(12c)E
New Features in Release 12.1(11b)E12
New Features in Release 12.1(11b)E11
New Features in Release 12.1(11b)E
New Features in Release 12.1(10)E5
New Features in Release 12.1(10)E4
New Features in Release 12.1(10)E
New Features in Release 12.1(8a)E
New Features in Release 12.1(7a)E5
New Features in Release 12.1(6)E8
New Features in Release 12.1(5c)E12
New Features in Release 12.1(5c)E10
New Features in Release 12.1(5a)E3
New Features in Release 12.1(4)E2
New Features in Release 12.1(2)E2
New Features in Release 12.1(2)E1
New Features in Release 12.0(5)XS2
Open Caveats in Release 12.1(27b)E4
Resolved Caveats in Release 12.1(27b)E4
Open Caveats in Release 12.1(27b)E3
Resolved Caveats in Release 12.1(27b)E3
Open Caveats in Release 12.1(27b)E2
Resolved Caveats in Release 12.1(27b)E2
Open Caveats in Release 12.1(27b)E1
Resolved Caveats in Release 12.1(27b)E1
Open Caveats in Release 12.1(27b)E
Resolved Caveats in Release 12.1(27b)E
Open Caveats in Release 12.1(26)E9
Resolved Caveats in Release 12.1(26)E9
Open Caveats in Release 12.1(26)E8
Resolved Caveats in Release 12.1(26)E8
Open Caveats in Release 12.1(26)E7
Resolved Caveats in Release 12.1(26)E7
Open Caveats in Release 12.1(26)E6
Resolved Caveats in Release 12.1(26)E6
Open Caveats in Release 12.1(26)E5
Resolved Caveats in Release 12.1(26)E5
Open Caveats in Release 12.1(26)E4
Resolved Caveats in Release 12.1(26)E4
Open Caveats in Release 12.1(26)E3
Resolved Caveats in Release 12.1(26)E3
Open Caveats in Release 12.1(26)E2
Resolved Caveats in Release 12.1(26)E2
Open Caveats in Release 12.1(26)E1
Resolved Caveats in Release 12.1(26)E1
Open Caveats in Release 12.1(26)E
Resolved Caveats in Release 12.1(26)E
Open Caveats in Release 12.1(23)E4
Resolved Caveats in Release 12.1(23)E4
Open Caveats in Release 12.1(23)E3
Resolved Caveats in Release 12.1(23)E3
Open Caveats in Release 12.1(23)E1
Resolved Caveats in Release 12.1(23)E1
Open Caveats in Release 12.1(23)E
Resolved Caveats in Release 12.1(23)E
Open Caveats in Release 12.1(22)E6
Resolved Caveats in Release 12.1(22)E6
Open Caveats in Release 12.1(22)E4
Resolved Caveats in Release 12.1(22)E4
Open Caveats in Release 12.1(22)E1
Resolved Caveats in Release 12.1(22)E1
Open Caveats in Release 12.1(22)E
Resolved Caveats in Release 12.1(22)E
Open Caveats in Release 12.1(20)E6
Resolved Caveats in Release 12.1(20)E6
Open Caveats in Release 12.1(20)E3
Resolved Caveats in Release 12.1(20)E3
Open Caveats in Release 12.1(20)E1
Resolved Caveats in Release 12.1(20)E1
Open Caveats in Release 12.1(20)E
Resolved Caveats in Release 12.1(20)E
Open Caveats in Release 12.1(19)E2
Resolved Caveats in Release 12.1(19)E2
Open Caveats in Release 12.1(19)E
Resolved Caveats in Release 12.1(19)E
Open Caveats in Release 12.1(14)E4
Resolved Caveats in Release 12.1(14)E4
Open Caveats in Release 12.1(14)E1
Resolved Caveats in Release 12.1(14)E1
Open Caveats in Release 12.1(13)E
Resolved Caveats in Release 12.1(13)E
Open Caveats in Release 12.1(12c)E1
Resolved Caveats in Release 12.1(12c)E1
Open Caveats in Release 12.1(12c)E
Resolved Caveats in Release 12.1(12c)E
Open Caveats in Release 12.1(11b)E12
Resolved Caveats in Release 12.1(11b)E12
Open Caveats in Release 12.1(11b)E11
Resolved Caveats in Release 12.1(11b)E11
Open Caveats in Release 12.1(11b)E
Resolved Caveats in Release 12.1(11b)E
Open Caveats in Release 12.1(10)E5
Resolved Caveats in Release 12.1(10)E5
Open Caveats in Release 12.1(10)E4
Resolved Caveats in Release 12.1(10)E4
Open Caveats in Release 12.1(10)E
Resolved Caveats in Release 12.1(10)E
Open Caveats in Release 12.1(8b)E13
Resolved Caveats in Release 12.1(8b)E13
Open Caveats in Release 12.1(8a)E
Resolved Caveats in Release 12.1(8a)E
Open Caveats in Release 12.1(7a)E5
Resolved Caveats in Release 12.1(7a)E5
Open Caveats in Release 12.1(6)E8
Resolved Caveats in Release 12.1(6)E8
Open Caveats in Release 12.1(5c)E12
Resolved Caveats in Release 12.1(5c)E12
Open Caveats in Release 12.1(5c)E10
Resolved Caveats in Release 12.1(5c)E10
Open Caveats in Release 12.1(5a)E3
Resolved Caveats in Release 12.1(5a)E3
Open Caveats in Release 12.1(4)E2
Resolved Caveats in Release 12.1(4)E2
Open Caveats in Release 12.1(2)E2
Resolved Caveats in Release 12.1(2)E2
Open Caveats in Release 12.1(2)E1
Resolved Caveats in Release 12.1(2)E1
Open Caveats in Release 12.0(5)XS2
Resolved Caveats in Release 12.0(5)XS2
Obtaining Documentation and Submitting a Service Request
Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E
March 4, 2008
Current Release: 12.1(27b)E4
Previous Releases:
12.1(27b)E3, 12.1(27b)E2, 12.1(27b)E1, 12.1(27b)E, 12.1(26)E9, 12.1(26)E8, 12.1(26)E7, 12.1(26)E6, 12.1(26)E5, 12.1(26)E4, 12.1(26)E3, 12.1(26)E2, 12.1(26)E1, 12.1(26)E, 12.1(23)E3, 12.1(23)E1, 12.1(23)E, 12.1(22)E6, 12.1(22)E4, 12.1(22)E1, 12.1(22)E1, 12.1(22)E, 12.1(20)E6, 12.1(20)E3, 12.1(20)E1, 2.1(20)E, 12.1(19)E2, 12.1(19)E, 12.1(14)E4, 12.1(14)E1, 12.1(13)E, 12.1(12c)E, 12.1(11b)E11, 12.1(11b)E, 12.1(10)E5, 12.1(10)E4, 12.1(10)E, 12.1(8a)E, 12.1(7a)E5, 12.1(6)E8, 12.1(5c)E12, 12.1(5c)E10, 12.1(5a)E3, 12.1(4)E2, 12.1(2)E2, 12.1(2)E1, and 12.0(5)XS2The most current release notes for Cisco IOS Release 12.1E are available on Cisco.com:
CautionMPOA does not work in Cisco IOS Release 12.1(4)E2 on the Catalyst 6500 series ATM platform.
This publication describes all the Catalyst 6500 series ATM modules in Cisco IOS Release 12.1E.
These modules are supported in Cisco IOS Release 12.1E:
•
•
Table 1 lists the current release image names on Cisco.com for the Catalyst 6500 series ATM modules.
This publication consists of these sections:
•
•
•
Early Deployment Releases
Cisco IOS Release 12.1 supports the Catalyst 6500 series switch ATM module. Release 12.1E is based on Release 12.1(1). All features and functionality in Releases 12.0(5)XS1, 12.0(5)XS, and 12.1(4)E2 are in Release 12.1E.
For more information about the Cisco IOS software release process, refer to Cisco IOS Releases: Product Bulletin 537 located on Cisco.com at this location:
http://www.cisco.com/warp/public/cc/pd/iosw/iore/prodlit/537_pp.htm
This publication does not describe features that are available in Release 12.1, Release 12.1 T, or other Release 12.1 Early Deployment (ED) releases.
All caveats in Release 12.0(5)XS1 and Release 12.0(5)XS are also in Release 12.1(2)E3. For a list of the software caveats that apply to Release 12.1(2)E3, see the "Open and Resolved Caveats in Software Release 12.0(5)XS1" section on page 5, the Release Notes for Catalyst 6000 Family ATM Module Release 12.0(5)XS1 on Cisco.com, and the Caveats for Cisco IOS Release 12.1 document at this URL:
http://www.cisco.com/en/US/docs/ios/12_1/relnotes/crossplatform/release/notes/121mcavs.html
Current Release Image Names for ATM Modules
Table 1 lists the current release image names for the Catalyst 6500 series ATM modules.
Software Releases and Orderable Product Number Matrix
Table 2 lists the software releases and applicable ordering information for the Catalyst 6500 series ATM module software.
Usage Guidelines and Restrictions
This section describes the usage guidelines and restrictions for Cisco IOS Release 12.1E for the Catalyst 6500 series ATM module:
Note
Note
•
During bootup, you may see this message:
%ATMSSCOP-4-UNMATCHUNIVERSION:(ATM0):rcv non-0 NUU in BeginPdu at UNI 3.0.Pleaseverify peer UNI version.The software will recover and negotiate again. No action is required.
•
Under certain conditions of heavy data traffic (sustained traffic greater than two thirds of OC-12 line rate) with a large number of Ethernet MACs in an ATM LANE network that result in many LE-ARP messages, the transmitter might encounter temporary buffer starvation leading to this error message:
## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7)Workaround: If you see these messages frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LAN Emulation Clients (LECs), a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
On the Catalyst 6500 series ATM modules running Cisco IOS Release 12.1(4)E with QoS-enabled LECs, when moving the LECs from QoS capable mode to non-QoS capable modes, it is possible that the LECs will continue to use the UBR+ VCC and will not revert to the UBR VCC.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
The supervisor engine can reset the WS-X6101 module in a Catalyst 6500 series switch under extreme conditions, such as the following:
–
–
–
•
## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7)Workaround: If you see this message frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.
•
When an LEC has been removed from an ELAN, it still appears to be up for approximately 30 seconds after removal. This delay is due to the Fast PHY switchover implementation.
When the LAN Emulation Configuration Server (LECS) is configured on an ATM module, you might see this message when you reload the module or when you enter the shutdown and no shutdown commands on the major interface:
LANE-3-LECS_ERROR:vc out of sync:updating old call parameters...This is an informational message and does not indicate a problem.
•
•
•
•
•
•
boot system flash bootflash: image name config-register 0x2After a reload, the ATM module boots with the image name that you specified.
Important Notes
Deferrals and field notices for the specified releases are located at the following URLs:
•
•
•
•
•
Software Image Download
This section describes the two methods for downloading a new image to the OC-12 ATM module:
•
•
To download an image from a TFTP server, at the OC-12 ATM module's console, enter the following command: copy tftp bootflash
You will be asked the following question:
Address or name of remote host []?Enter the IP address of the TFTP server.
Note
Erase bootflash:before copying? [confirm]Answer yes. This step is necessary due to an issue in which autoboot, which is enabled by default, boots the first image in the bootflash. If you do not erase the old image after downloading the new image, the old image will be booted.
To download an image from the supervisor engine PC card, perform this two-step process:
a.
b.
You will be asked the following question:
Erase bootflash:before copying? [confirm]Answer yes.
After the image is copied to the bootflash, boot the new image by entering the reload command.
New and Changed Information
New Features in Release 12.1(27b)E4
There are no new features in Release 12.1(27b)E4.
New Features in Release 12.1(27b)E3
There are no new features in Release 12.1(27b)E3.
New Features in Release 12.1(27b)E2
There are no new features in Release 12.1(27b)E2.
New Features in Release 12.1(27b)E1
There are no new features in Release 12.1(27b)E1.
New Features in Release 12.1(27b)E
There are no new features in Release 12.1(27b)E.
New Features in Release 12.1(26)E9
There are no new features in Release 12.1(26)E9.
New Features in Release 12.1(26)E8
There are no new features in Release 12.1(26)E8.
New Features in Release 12.1(26)E7
There are no new features in Release 12.1(26)E7.
New Features in Release 12.1(26)E6
There are no new features in Release 12.1(26)E6.
New Features in Release 12.1(26)E5
There are no new features in Release 12.1(26)E5.
New Features in Release 12.1(26)E4
There are no new features in Release 12.1(26)E4.
New Features in Release 12.1(26)E3
There are no new features in Release 12.1(26)E3.
New Features in Release 12.1(26)E2
There are no new features in Release 12.1(26)E2.
New Features in Release 12.1(26)E1
There are no new features in Release 12.1(26)E1.
New Features in Release 12.1(26)E
There are no new features in Release 12.1(26)E.
New Features in Release 12.1(23)E4
There are no new features in Release 12.1(23)E4.
New Features in Release 12.1(23)E3
There are no new features in Release 12.1(23)E3.
New Features in Release 12.1(23)E1
There are no new features in Release 12.1(23)E1.
New Features in Release 12.1(23)E
There are no new features in Release 12.1(23)E.
New Features in Release 12.1(22)E6
There are no new features in Release 12.1(22)E6.
New Features in Release 12.1(22)E4
There are no new features in Release 12.1(22)E4.
New Features in Release 12.1(22)E1
There are no new features in Release 12.1(22)E1.
New Features in Release 12.1(22)E
There are no new features in Release 12.1(22)E.
New Features in Release 12.1(20)E6
There are no new features in Release 12.1(20)E6.
New Features in Release 12.1(20)E3
There are no new features in Release 12.1(20)E3.
New Features in Release 12.1(20)E1
There are no new features in Release 12.1(20)E1.
New Features in Release 12.1(20)E
There are no new features in Release 12.1(20)E.
New Features in Release 12.1(19)E2
There are no new features in Release 12.1(19)E2.
New Features in Release 12.1(19)E
There are no new features in Release 12.1(19)E.
New Features in Release 12.1(14)E4
There are no new features in Release 12.1(14)E4.
New Features in Release 12.1(14)E1
There are no new features in Release 12.1(14)E1.
New Features in Release 12.1(13)E
There are no new features in Release 12.1(13)E.
New Features in Release 12.1(12c)E1
There are no new features in Release 12.1(12c)E1.
New Features in Release 12.1(12c)E
There are no new features in Release 12.1(12c)E.
New Features in Release 12.1(11b)E12
There are no new features in Release 12.1(11b)E12.
New Features in Release 12.1(11b)E11
There are no new features in Release 12.1(11b)E11.
New Features in Release 12.1(11b)E
There are no new features in Release 12.1(11b)E.
New Features in Release 12.1(10)E5
There are no new features in Release 12.1(10)E5.
New Features in Release 12.1(10)E4
There are no new features in Release 12.1(10)E4.
New Features in Release 12.1(10)E
This section describes the new features in Release 12.1(10)E:
•
Jumbo frame support is provided for the Catalyst 6500 series ATM module (WS-X6101). Configuring the MTU size on the subinterface does not affect the maximum frame size that can be transferred on a Catalyst 6500 series ATM module. The maximum frame size (9218 bytes) is initialized when the module comes up and will not change when the MTU size changes using the CLI.
To bridge the jumbo frames, the feature should be enabled for the ATM module on the supervisor engine by using the set port jumbo mod/port command.
The PVCs on the ATM module can bridge frame size up to 9218 bytes. LECs also transfer frame size up to 9218 bytes. Interoperability issues may arise if the Catalyst 6500 series ATM module interacts with devices not supporting jumbo frames. The jumbo frame feature should not be enabled for the ATM module to interoperate with devices not supporting jumbo frames.
New Features in Release 12.1(8a)E
There are no new features in Release 12.1(8a)E.
New Features in Release 12.1(7a)E5
There are no new features in Release 12.1(7a)E5.
New Features in Release 12.1(6)E8
There are no new features in Release 12.1(6)E8.
New Features in Release 12.1(5c)E12
There are no new features in Release 12.1(5c)E12.
New Features in Release 12.1(5c)E10
There are no new features in Release 12.1(5c)E10.
New Features in Release 12.1(5a)E3
There are no new features in Release 12.1(5a)E3.
New Features in Release 12.1(4)E2
This section describes the new LANE QoS feature in Release 12.1(4)E2:
•
The LANE Quality of Service (QoS) feature provides the capability to differentiate multiple classes of traffic. Traffic class differentiation is achieved by creating (multiple) VCCs with the desired QoS parameters. When the prioritized traffic is received, LEC forwards it on a VCC with matching QoS parameters.
LANE QoS supports the creation of Unspecified Bit Rate+ (UBR+) VCCs. A UBR+ VCC is a UBR VCC for which minimum cell rate (MCR) is guaranteed by the switch. If the switch cannot guarantee the rate you have specified for the UBR+ VCC, the LEC will revert to UBR with no MCR guarantee.
You can enable or disable the LANE QoS feature on a per-LEC basis by entering the qos option in the lane client command. The same ELAN can contain both QoS-capable and non-QoS capable LECs.
Note
On the Catalyst 6500 series ATM platform, the routed packet is classified by the class of service (CoS) value before it is handed over to the LANE. The LEC determines the VCC based on the packets' CoS. The CoS to VCC mapping is determined by the user configuration. Non-IP traffic and bridged traffic streams are always sent over the UBR+ VCC.
The Switched Port Analyzer (SPAN) feature will be added in a future maintenance release.
New Features in Release 12.1(2)E2
There are no new features in Release 12.1(2)E2.
New Features in Release 12.1(2)E1
There are no new features in Release 12.1(2)E1.
New Features in Release 12.0(5)XS2
There are no new features in Release 12.0(5)XS2.
Caveats
These sections describe the open and resolved caveats for the Cisco IOS software in Catalyst 6500 series ATM modules:
Release 12.1(27b)E4
These sections describe the open and resolved caveats in Release 12.1(27b)E4:
•
•
Open Caveats in Release 12.1(27b)E4
None.
Resolved Caveats in Release 12.1(27b)E4
Resolved Caveats for Product `all' and Component `dlsw'
•
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-dlsw.html
Resolved Caveats for Product `all' and Component `vpdn'
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080326-pptp.html
Release 12.1(27b)E3
These sections describe the open and resolved caveats in Release 12.1(27b)E3:
•
•
Open Caveats in Release 12.1(27b)E3
None.
Resolved Caveats in Release 12.1(27b)E3
•
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-nhrp.html.
•
Release 12.1(27b)E2
These sections describe the open and resolved caveats in Release 12.1(27b)E2:
•
•
Open Caveats in Release 12.1(27b)E2
None.
Resolved Caveats in Release 12.1(27b)E2
•
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20080924-multicast.
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html
•
•
•
•
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html.
Note
A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
This problem is resolved in Release 12.1(27b)E2. (CSCsb12598, CSCsb40304, CSCsd92405)
•
There are workarounds available for this vulnerability.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20070110-dlsw.html
This problem is resolved in Release 12.1(27b)E2. (CSCsf28840)
•
Release 12.1(27b)E1
These sections describe the open and resolved caveats in Release 12.1(27b)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(27b)E1
None.
Resolved Caveats in Release 12.1(27b)E1
•
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080610-snmpv3.html
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html
•
Cisco has made free software available to address this vulnerability for affected customers.
A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html
This problem is resolved in Release 12.1(27b)E1. (CSCsd75273, CSCse52951)
Note
•
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-tcp.html
This problem is resolved in Release 12.1(27b)E1. (CSCek37177)
•
http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
This problem is resolved in Release 12.1(27b)E1 (CSCek26492)
•
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/en/US/products/csa/cisco-sa-20051201-http.html
This problem is resolved in Release 12.1(27b)E1. (CSCsc64976)
•
Release 12.1(27b)E
These sections describe the open and resolved caveats in Release 12.1(27b)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(27b)E
None.
Resolved Caveats in Release 12.1(27b)E
•
Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address Present Routed bit must be set to 1.
Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.
Further information: On the 6th September 2006, Phenoelit Group posted an advisory:
Cisco Systems IOS GRE decapsulation fault
Cisco's statement and further information are available on the Cisco public website at:
http://www.cisco.com/en/US/products/csr/cisco-sr-20060906-gre.html
This problem is resolved in Release 12.1(27b)E. (CSCei62762)
Release 12.1(26)E9
These sections describe the open and resolved caveats in Release 12.1(26)E9 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E9
None.
Resolved Caveats in Release 12.1(26)E9
•
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-nhrp.html.
•
Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.
Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.
Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:
config tip ssh version 1endAlternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:
10.1.1.0/24 is a trusted network that is permitted access to the router, all other access is denied
access-list 99 permit 10.1.1.0 0.0.0.255access-list 99 deny anyline vty 0 4access-class 99 inendFurther Problem Description:
For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cntrl_acc_vtl.html
For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
•
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.
Workaround: Disable the ip http secure server command.
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html
•
•
Release 12.1(26)E8
These sections describe the open and resolved caveats in Release 12.1(26)E8 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E8
None.
Resolved Caveats in Release 12.1(26)E8
•
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20080610-snmpv3.html
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070808-IOS-voice.html
•
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070522-SSL.html.
Note
A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
This problem is resolved in Release 12.1(26)E8. (CSCsb12598, CSCsb40304, CSCsd92405)
•
Cisco has made free software available to address this vulnerability for affected customers.
A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070228-nam.html
This problem is resolved in Release 12.1(26)E8. (CSCsd75273, CSCse52951)
Note
•
•
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/en/US/products/csa/cisco-sa-20051201-http.html
This problem is resolved in Release 12.1(26)E8. (CSCsc64976)
Release 12.1(26)E7
These sections describe the open and resolved caveats in Release 12.1(26)E7 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E7
None.
Resolved Caveats in Release 12.1(26)E7
•
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-tcp.html
This problem is resolved in Release 12.1(26)E7 (CSCek37177)
•
http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
This problem is resolved in Release 12.1(26)E7 (CSCek26492)
•
Conditions: The packets must be received on a trunk enabled port.
Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:
–
–
–
These vulnerabilities are addressed by Cisco IDs:
–
–
–
Cisco's statement and further information are available on the Cisco public website at http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060913-vtp
This problem is resolved in Release 12.1(26)E7. (CCSCsd34759)
•
Conditions: The packets must be received on a trunk enabled port, with a matching domain name and a matching VTP domain password (if configured).
Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:
–
–
–
These vulnerabilities are addressed by Cisco IDs:
–
–
–
Cisco's statement and further information are available on the Cisco public website at http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060913-vtp
This problem is resolved in Release 12.1(26)E7. (CSCsd34855)
•
Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address Present Routed bit must be set to 1.
Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.
Further information: On the 6th September 2006, Phenoelit Group posted an advisory:
Cisco Systems IOS GRE decapsulation fault
Cisco's statement and further information are available on the Cisco public website at:
http://www.cisco.com/en/US/products/csr/cisco-sr-20060906-gre.html
This problem is resolved in Release 12.1(26)E7. (CSCei62762)
Release 12.1(26)E6
These sections describe the open and resolved caveats in Release 12.1(26)E6 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E6
None.
Resolved Caveats in Release 12.1(26)E6
None.
Release 12.1(26)E5
These sections describe the open and resolved caveats in Release 12.1(26)E5 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E5
•
Occasionally, large IP packets become corrupted on a Catalyst 6500 series ATM module WS-X6101, which interrupts IP connectivity over the ATM virtual circuit (VC). The problem is unrelated to hardware, although the cause is unknown.
Workaround: You can recover IP connectivity temporarily by reloading the ATM module, reloading the switch, or performing OIR.
Note
Resolved Caveats in Release 12.1(26)E5
•
Symptoms: A vulnerability exists within the Cisco IOS Authentication, Authorization, and Accounting (AAA) command authorization feature, where command authorization checks are not performed on commands executed from the Tool Command Language (TCL) exec shell. This may allow authenticated users to bypass command authorization checks in some configurations resulting in unauthorized privilege escalation.
Conditions: Devices that are not running AAA command authorization feature, or do not support TCL functionality are not affected by this vulnerability.
This vulnerability is present in all versions of Cisco IOS that support the tclsh command.
Workaround: This advisory with appropriate workarounds is posted at
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20060125-aaatcl
•
When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.
Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.
•
On a Catalyst 6500 series ATM module, the Section BIP-8 errors should increment only when the module is first installed or when there is a problem on the fiber WAN segment. However, when you enter the show controllers command, the number of Section BIP-8 errors that display will increment, even when no fiber is connected to the physical a or physical b interfaces. This problem appears on the Catalyst 6500 series ATM module WS-X6101.
Workaround: Disregard the Section BIP-8 error count.
Release 12.1(26)E4
These sections describe the open and resolved caveats in Release 12.1(26)E4 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E4
•
When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.
Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.
•
On a Catalyst 6500 series ATM module, the Section BIP-8 errors should increment only when the module is first installed or when there is a problem on the fiber WAN segment. However, when you enter the show controllers command, the number of Section BIP-8 errors that display will increment, even when no fiber is connected to the physical a or physical b interfaces. This problem appears on the Catalyst 6500 ATM module WS-X6101.
Workaround: Disregard the Section BIP-8 error count.
Resolved Caveats in Release 12.1(26)E4
None.
Release 12.1(26)E3
These sections describe the open and resolved caveats in Release 12.1(26)E3 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E3
•
When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.
Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.
•
When a Catalyst 6500 series LANE ATM module uses Cisco IOS software Release 12.1E1 and acts as a LAN Emulation Client (LEC), it is possible for a connected router to be a member of an ELAN that uses BUS to send traffic. In such configurations, some Catalyst 6500 LANE ATM modules will not perform correctly, while other devices on same ELAN will be fully operational.
Workaround: Clear the LAN Emulation Address Resolution Protocol (LE-ARP) entry for the module MAC address.
Resolved Caveats in Release 12.1(26)E3
•
Through normal software maintenance processes, Cisco is removing deprecated functionality. These changes have no impact on system operation or feature availability.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20051102-timers.html.
Release 12.1(26)E2
These sections describe the open and resolved caveats in Release 12.1(26)E2 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E2
•
When a supervisor engine switchover occurs on the Catalyst 6500 series LANE ATM module WS-X6101, the supervisor engine does not recognize that the active VLANs are forwarding packets on the spanning tree.
Workaround: Enter the shut/no shut command on the ATM module interface so that the supervisor engine will recognize that the active VLANs are forwarding packets on the spanning tree.
•
When a Catalyst 6500 series LANE ATM module uses Cisco IOS software Release 12.1E1 and acts as a LAN Emulation Client (LEC), it is possible for a connected router to be a member of an ELAN that uses BUS to send traffic. In such configurations, some Catalyst 6500 LANE ATM modules will not perform correctly, while other devices on same ELAN will be fully operational.
Workaround: Clear the LAN Emulation Address Resolution Protocol (LE-ARP) entry for the module MAC address.
Resolved Caveats in Release 12.1(26)E2
•
On a Catalyst 6000 series switch or a Catalyst 6500 series switch, if PVCs that are configured on a WS-X6101 LANE ATM module and mapped to a VLAN are shutting down, the spanning-tree process continues to recognize the ATM port as active in the VLAN. This problem occurs only when the PVC on the LANE module is configured for Operation, Administration, and Maintenance (OAM) and shuts down because of an OAM failure.
Workaround: None.
Release 12.1(26)E1
These sections describe the open and resolved caveats in Release 12.1(26)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E1
•
On a Catalyst 6500 series switch, if PVCs that are configured on a WS-X6101 LANE module and mapped to a VLAN are shut down, the spanning-tree process continues to see the ATM port as active in the VLAN. This problem occurs only when the PVC on the LANE module is configured for Operation, Administration, and Maintenance (OAM) and shuts down because of an OAM failure.
Workaround: None.
•
A Catalyst 6500 series ATM LANE module that uses Cisco IOS Release 12.1E1 as a LAN Emulation Client (LEC) might have a connected router as a member of the ELAN and use a broadcast and unknown server (BUS) to send traffic. The module might not perform correctly, while other devices on the same ELAN are performing correctly.
Workaround: Clear the le-arp entry for the specific MAC address.
Resolved Caveats in Release 12.1(26)E1
•
On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.
Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.
•
When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WX-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.
Workaround: None.
•
The CAM entry on the supervisor engine does not get updated on the core switch. If the Ethernet connection to the end station is disconnected and then reconnected to the LANE switch, there is no IP connectivity. If the station was disconnected and reconnected after four hours, the connection works properly.
Workaround: Ping the switched virtual interface (SVI) IP address on the core switch. The station which was moved might be pinging another station that is connected to the Ethernet behind the core switch.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(26)E
These sections describe the open and resolved caveats in Release 12.1(26)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E
•
A Catalyst 6500 series ATM LANE module that uses Cisco IOS Release 12.1E1 as a LAN Emulation Client (LEC) might have a connected router as a member of the ELAN and use a broadcast and unknown server (BUS) to send traffic. The module might not perform correctly, while other devices on the same ELAN are performing correctly.
Workaround: Clear the le-arp entry for the specific MAC address.
•
On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.
Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.
•
When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WX-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.
Workaround: None.
Resolved Caveats in Release 12.1(26)E
•
A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.
Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.
•
When you use the show port command on the Catalyst 6500 series supervisor engine for the LANE ATM module, the output mistakenly shows that both ports are connected, even if they are disconnected. Functionality is not affected.
Workaround: None.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(23)E4
These sections describe the open and resolved caveats in Release 12.1(23)E4 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(23)E4
None.
Resolved Caveats in Release 12.1(23)E4
•
Receipt of a Border Gateway Protocol (BGP) Autonomous System (AS) path with a length that is equal to or greater than 255 might reset the BGP session. This problem is resolved in Release 12.1(26)E3.
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20051102-timers.html.
Release 12.1(23)E3
These sections describe the open and resolved caveats in Release 12.1(23)E3 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(23)E3
None.
Resolved Caveats in Release 12.1(23)E3
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type. Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(23)E1
These sections describe the open and resolved caveats in Release 12.1(23)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(23)E1
•
On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.
Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.
•
A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.
Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.
•
When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WX-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.
Workaround: None.
Resolved Caveats in Release 12.1(23)E1
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(23)E
These sections describe the open and resolved caveats in Release 12.1(23)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(23)E
•
Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.
(CSCee45196)
•
Workaround: None.
(CSCin71412)
Resolved Caveats in Release 12.1(23)E
•
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability.
This vulnerability was discovered during internal testing. This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20070124-crafted-ip-option.html
This problem is resolved in Release 12.1(23)E. (CSCec71950)
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html
•
If you reload a WS-X6101-OC12-MMF ATM module when using Cisco IOS Releases 12.1(19)E2 and later, the module will not retain the atm uni-version command, even when you enter the
no atm auto-configuration command under the ATM0 interface.•
Under stress conditions and with PVC traffic shaping configured, THOST timeout occurs on a WS-X6101-OC12-MMF ATM module, and it fails to forward traffic.
Workaround: None
Release 12.1(22)E6
These sections describe the open and resolved caveats in Release 12.1(22)E6 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(22)E6
None.
Resolved Caveats in Release 12.1(22)E6
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(22)E4
These sections describe the open and resolved caveats in Release 12.1(22)E4 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(22)E4
•
On a Catalyst 6500 series switch operating in hybrid mode, peripheral interface manager (PIM) hello packets that need to be transmitted on a WS-X6101 module are dropped when an ATM PVC is configured on a WS-X6101 module. This condition appears only on a Supervisor Engine 720 when IGMP snooping is enabled. This condition appears in Catalyst operating system software release 8.3(1) and later releases.
Workaround: Disable IGMP snooping, or use Catalyst operating system software release 8.2 or an earlier release.
•
A Catalyst 6500 series ATM module (WS-X6101) using Cisco IOS Release 12.1(20)E1 with RFC 1483 PVCs and bind statements configured will not parse the atm bind pvc commands into the running configuration if the interface is in a down/down (not connected) state when the module is reset.
Workaround: If the main interface is administratively shut down when the module is reset, the problem does not occur. If you enter the copy start run command after reloading the module, the atm bind pvc commands are parsed into the running configuration.
•
When you configure approximately 1000 PVCs for traffic shaping on a Catalyst 6500 series switch, and the WX-X6101 ATM module sends multicast traffic at 300 Mbps, an excessive interface flapping THOST timeout occurs, and the module fails to forward the traffic.
Workaround: None.
Resolved Caveats in Release 12.1(22)E4
None.
Release 12.1(22)E1
These sections describe the open and resolved caveats in Release 12.1(22)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(22)E1
•
A Catalyst 6500 series ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases will not save the atm uni-version command after the module is reloaded on the switch, even after you enter the no atm auto-configuration command from the ATM0 interface.
Workaround: Reconfigure the atm-universion command after reloading the module on the switch.
Resolved Caveats in Release 12.1(22)E1
•
When an ATM module WS-X6101 running a LAN emulation client (LEC) receives a gratuitous ARP packet from a Catalyst 6500 series NMP (Network Management Processor) (such as an HSRP configured on an MSFC) the packet is forwarded to all LECs on the emulated LAN (ELAN). The LEC on the WS-X6101 ATM module receives this packet on the BUS VC and places this ARP packet in the NMP queue, even though the LEC on the WS-X6101 module sourced it.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
Release 12.1(22)E
These sections describe the open and resolved caveats in Release 12.1(22)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(22)E
•
A Catalyst 6500 series ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases will not save the atm uni-version command after the module is reloaded on the switch, even after you enter the no atm auto-configuration command under the ATM0 interface.
Workaround: Reconfigure the atm-universion command after reloading the module on the switch.
Resolved Caveats in Release 12.1(22)E
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability. (See the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html
Release 12.1(20)E6
These sections describe the open and resolved caveats in Release 12.1(20)6 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(20)E6
This section describes the open caveats in Release 12.1(20)E6:
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
When a Catalyst 6500 series switch with a WS-X6101 ATM LANE module is configured with only one LANE client, error messages might appear under normal working conditions, even after you reset the module.
Workaround: None.
•
After you reload an ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases, the atm uni-version command will not be saved, even after you enter the no atm auto-configuration command from the ATM0 interface.
Workaround: None.
Resolved Caveats in Release 12.1(20)E6
•
A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages
Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
http://www.cisco.com/en/US/products/csa/cisco-sa-20050412-icmp.html
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected.
Release 12.1(20)E3
These sections describe the open and resolved caveats in Release 12.1(20)E3 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(20)E3
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
When a Catalyst 6500 series switch with a WS-X6101 ATM LANE module is configured with only one LANE client, error messages might appear under normal working conditions, even after you reset the module.
Workaround: None.
•
After you reload an ATM module WS-X6101-OC12-MMF that uses Cisco IOS software Release 12.1(19)E2 and later releases, the atm uni-version command will not be saved, even after you enter the no atm auto-configuration command from the ATM0 interface.
Workaround: None.
Resolved Caveats in Release 12.1(20)E3
•
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service (DoS) condition. Use of SSH with Remote Authentication Dial In UserService (RADIUS) is not affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers. There are workarounds available to mitigate the effects of the vulnerability (see the "Workarounds" section of the full advisory for details.)
This advisory will be posted at http://www.cisco.com/en/US/products/csa/cisco-sa-20050406-ssh.html
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
A vulnerability in Transmission Control Protocol specification (RFC793) has been discovered by an external researcher. The successful exploitation enables an adversary to reset any established TCP connection in much shorter time then was previously publicly discussed. This can lead to a Denial of Service attack. Depending upon the attacked protocol, a successful attack may have additional consequences beyond terminated session, which must be considered. This attack vector is only applicable to the sessions which are terminating on a device (e.g., router, switch, computer) and not to the sessions that are only passing through the device (e.g., transit traffic that is being routed by a router).
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040420-tcp-ios.html, and it describes this vulnerability as it applies to Cisco products that run Cisco IOS software.
•
Symptoms: A router may reload unexpectedly after it attempts to access a low memory address.
Conditions: This symptom is observed after ACLs have been updated dynamically or after the router has responded dynamically to an IDS signature.
Workaround: Disable IP Inspect and IDS.
Release 12.1(20)E1
These sections describe the open and resolved caveats in Release 12.1(20)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(20)E1
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
Resolved Caveats in Release 12.1(20)E1
•
Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are typically used in packetized voice or multimedia applications. Features such as NAT and Cisco IOS Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS releases are affected if configured for various types of Voice/Multimedia Application support. The vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are workarounds available that may mitigate the impact, but these techniques may not be appropriate for use in all customer networks. This advisory is available at
http://www.cisco.com/en/US/products/csa/cisco-sa-20040113-h323.html.
•
Packets received over an RFC 1483 PVC link to a WS-X6101 ATM module might become corrupted.
Workaround: To avoid this problem, configure the no atm1483pvc fcs enable command on the device that is sending the packets to the ATM module.
Release 12.1(20)E
These sections describe the open and resolved caveats in Release 12.1(20)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(20)E
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
Resolved Caveats in Release 12.1(20)E
•
In a WS-X6101 module running Cisco IOS Release 12.1(19)E, the ATM interface might show active virtual circuits, (VCs), even while the ATM interface is down.
Workaround: Enter the shut/no shut command on the ATM interface.
Release 12.1(19)E2
These sections describe the open and resolved caveats in Release 12.1(19)E2 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(19)E2
•
A Catalyst 6500 series ATM module (WS-X6101) that is running Cisco IOS Release 12.1(14)E1 may be reset by the Catalyst 6500 series supervisor engine when approximately 500 Mbps of traffic is sent through the module over multiple PVCs. When the supervisor engine resets the module, it will report this error:
%SYS-5-MOD_NOSCPPINGRESPONSE:Module 3 not responding... resetting module%SYS-5-MOD_RESET:Module 3 reset from SoftwareThis problem occurs only when Integrated Local Management Interface (ILMI) PVCs are configured on the WS-X6101 module and ILMI keepalives are enabled.
Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable command on the Catalyst 6500 series supervisor engine.
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
In a WS-X6101 module running Cisco IOS Release 12.1(19)E, the ATM interface might show active VCs, even while the ATM interface is down.
Workaround: Enter the shut/no shut command on the ATM interface.
Resolved Caveats in Release 12.1(19)E2
•
An ATM module (WS-X6101) might lose some of the bind statements in its running configuration if the fiber is unplugged and then plugged in again. This problem does not occur when you enter a shut/no shut command on the ATM interface, only when you unplug and replug the fiber.
Workaround: Enter the copy startup-config running-config command to restore the bind statements.
Release 12.1(19)E
These sections describe the open and resolved caveats in Release 12.1(19)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(19)E
•
A Catalyst 6500 series ATM module (WS-X6101) that is running Cisco IOS
Release 12.1(14)E1 may be reset by the Catalyst 6500 series supervisor engine when approximately 500 Mbps of traffic is sent through the module over multiple PVCs.When the supervisor engine resets the module, it will report this error:
%SYS-5-MOD_NOSCPPINGRESPONSE:Module 3 not responding... resetting module%SYS-5-MOD_RESET:Module 3 reset from SoftwareThis problem occurs only when Integrated Local Management Interface (ILMI) PVCs are configured on the WS-X6101 module and ILMI keepalives are enabled.
Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable command on the Catalyst 6500 series supervisor engine.
•
When a LAN Emulation Client (LEC) on a Catalyst 6500 series ATM module receives wrongly formatted LANE control frames, the module generates this message:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be reset because this message usually appears only a few times. However, if the message keeps reappearing, the LEC can be restarted, or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
Resolved Caveats in Release 12.1(19)E
•
Free memory on the Catalyst 5000 family and Catalyst 6500 series ATM modules depletes whenever the ATM link goes up and down.
•
The following configuration on the Catalyst 6500 series ATM module (WS-X6101) appears in the running configuration, even when it does not appear in the startup configuration:
!interface ATM0atm pvc 1 0 5 qsaalatm pvc 2 0 16 ilmi!In the above configuration, the QSAAL and ILMI PVCs have to be set up explicitly by using the CLI, either in the startup configuration or the running configuration.
•
The Rxhost statistics on the Catalyst 6500 series OC-12 ATM module (WS-X6101) does not display all of the counters for the dropped packets.
Release 12.1(14)E4
These sections describe the open and resolved caveats in Release 12.1(14)E4 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(14)E4
•
A Catalyst 6500 series module WS-X6101 running Cisco IOS Release 12.1(14)E1 may be reset by the Catalyst 6500 supervisor engine when very high rates of traffic (approximately 500 Mbps) are sent through the module over multiple PVCs. Under such conditions the supervisor engine will report the following error:
%SYS-5-MOD_NOSCPPINGRESPONSE:Moduld 3 not responding... resetting module%SYS-5-MOD_RESET:Moduld 3 reset from SoftwareThe problem appears only when the ILMI (Interim Local Management Interface) PVC is configured on the WS-X6101 module and the ILMI keepalives are enabled.
Workaround: Disable ILMI keepalives with the no atm ilmi-keepalive interface command, or configure the set poll disable atm module num command on the Catalyst 6500 series supervisor engine.
Resolved Caveats in Release 12.1(14)E4
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at this URL:
http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html
This problem is resolved in Release {}
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at this URL:
http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html
This problem is resolved in Release 12.1(14)E4.
•
The free memory in Catalyst 5000 family and Catalyst 6500 series modules depletes whenever the ATM link goes up and down.
Workaround: None.
•
The following configuration on the Catalyst 6500 series module WS-X6101 appears in the running configuration, even when it does not appear in the startup configuration:
!interface ATM0atm pvc 1 0 5 qsaalatm pvc 2 0 16 ilmi!Workaround: The above mentioned QSAAL and ILMI PVCs have to be set up explicitly, either in the startup configuration or in the running configuration, using the command line interface.
•
The Rx host statistics on the Catalyst 6500 series module WS-X6101 do not display all of the counters for the dropped packets.
Workaround: None.
Release 12.1(14)E1
These sections describe the open and resolved caveats in Release 12.1(14)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(14)E1
•
When a LAN Emulation Client (LEC) on a Cisco device receives wrongly formatted LANE control frames, the following message is generated:
%LANE-3LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
Inserting a single-port OC-12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).
Workaround: To put the ATM module into service, enter the reset slot-number command.
Resolved Caveats in Release 12.1(14)E1
•
Through traffic from the PVC stops and does not recover by itself after certain traffic goes through the ATM link for a long time.
•
When customers connect a Catalyst 2900 switch Gigabit Ethernet port or a Catalyst 4000 family switch Gigabit Ethernet port to a Gigabit Ethernet trunk on a Catalyst 6500 series switch with a LANE module, free memory on the LANE module goes down. This situation impacts network performance when a station on the Ethernet side of the Catalyst 6500 series switch tries to reach some other device over that LANE module. However, within the Ethernet, network performance works fine.
•
A Catalyst 5000 LANE module or Catalyst 6500 LANE module running Release 12.0(20)W5(24) or any images in Release 12.1E can display CPUHOG messages similar to the following:
Feb 16 01:35:06: %SYS-3-CPUHOG: Task ran for 2448 msec (0/0), process = ATMPeriodic, PC = 400A77BC.-Traceback= 400A7768 400A77C4 401D3534 401D3AA6Workaround: None.
•
Occasionally, a Catalyst 6500 series switch OC-12 ATM module (WS-X6101-OC12-MMF) might print the following message on the console at regular intervals:
IP address 7F00000B used for nmp.This condition prevents normal operation of the ATM module and causes the session command to fail in the affected module. This condition has been observed in Releases 12.1(2)E1 and later.
Workaround: Reset the ATM module.
•
On Catalyst 6509 modules running Release 12.1(12c)E, the VC number does not show up correctly.
•
The if-MIB of the ATM physical interface on module WS-X6101-OC12-SMF running Catalyst 6500 series ATM software cannot be accessed through SNMP.
Release 12.1(13)E
These sections describe the open and resolved caveats in Release 12.1(13)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(13)E
•
When a LAN Emulation Client (LEC) on a Cisco device receives wrongly formatted LANE control frames, the following message is generated:
%LANE-3LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
Inserting a single-port OC12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).
Workaround: To put the ATM module into service, enter the reset slot-number command.
Resolved Caveats in Release 12.1(13)E
•
The ATM module on the Catalyst 6509 chassis drops the vty login information when it is reset in Release 12.1(12c)E.
Workaround: None.
Release 12.1(12c)E1
These sections describe the open and resolved caveats in Release 12.1(12c)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(12c)E1
•
When a LAN Emulation Client (LEC) on a Cisco device receives incorrectly formatted LANE control frames, the following message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: You do not need to shut down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
Inserting a single-port OC-12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).
Workaround: To put the ATM module into service, enter the reset slot-number command.
Resolved Caveats in Release 12.1(12c)E1
•
A recovery mechanism is being added to Release 12.1(12c)E1 to make the WS-X6101 module reset when the Transmit Host encounters a fatal problem.
•
The Catalyst 6500 series ATM module (WS-X6101-OC12-XMF) ignores the boot variable and always boots with the first available boot image. If the first available boot file is deleted by not erased, the ATM module will not boot.
Workaround: Boot from the ROM monitor or use the image in Release 12.1(5c)E10 or earlier as the first image in the bootflash.
•
A Catalyst 6500 switch with Supervisor Engine 2 and a WS-X6101 LANE module may experience a situation in which the LECs or PVCs on the module are operational, but clients connected by Ethernet to the switch are unable to communicate with clients connected by ATM to the switch.
At the time of the traffic failure, you might see a log message similar to this one in the "Show log" window on the supervisor engine:
07. 5/19/2002,03:20:22: lyra_intr_hdlr:Interrupt Type = 0x4000 register content 0xb0b0f0e, int_status 0x1004108, ctrl1 0xe66e08a1, ctrl2 0x1fWorkaround: Reload the SW-X6101 LANE module to restore connectivity.
•
Under rare conditions, the GigaPort interface on the Catalyst 6500 series ATM module is not in synchronization with the supervisor engine, and traffic stops.
Workaround: Reset the Catalyst 6500 series ATM module.
•
MIBs do not support LEC uptime. LEC uptime shows how long the LEC has been operating and is the equivalent of the show lane client command output.
This caveat has been resolved in Release 12.1(12c)E1.
•
The WS-X6101 LANE module running Cisco IOS Release 12.1(10)E or Release 12.0(5)XS does not support the configuration option to enable and disable the LE ARP reverify local feature. Attempts to configure the global command lane le-arp reverify local have resulted in the following error message:
ATM(config)#lane le-arp reverify local% Invalid input detected at '^' markerThis caveat has been resolved in Release 12.1(12c)E1.
Release 12.1(12c)E
These sections describe the open and resolved caveats in Release 12.1(12c)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(12c)E
•
When a LAN Emulation Client (LEC) on a Cisco device receives incorrectly formatted LANE control frames, the following message is generated:
%LANE-3LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101Workaround: The LEC does not have to be brought down because this message usually appears only a few times. If the message continues to appear, the LEC can be restarted or the LAN Emulation Server (LES) can be moved from the Catalyst 6500 series ATM module to another device.
•
Inserting a 1-port OC12 ATM module into a switch in which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom occurs only on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.2(1).
Workaround: To put the ATM module into service, enter the reset slot-number command.
Resolved Caveats in Release 12.1(12c)E
•
MIBs do not support LEC uptime. LEC uptime shows how long the LEC has been operating and is the equivalent of the show lane client command output.
This caveat has been resolved in Release 12.1(12c)E.
•
The WS-X6101 LANE module running Cisco IOS Release 12.1(10)E or Release 12.0(5)XS does not support the LE ARP reverify local feature. Attempts to configure the global command lane le-arp reverify local cause the following error message to appear:
ATM (config) #lane le-arp reverify local% Invalid input detected at `^' markerThis caveat has been resolved in Release 12.1(12c)E.
Release 12.1(11b)E12
These sections describe the open and resolved caveats in Release 12.1(11b)E12 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(11b)E12
None.
Resolved Caveats in Release 12.1(11b)E12
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.
•
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/en/US/products/csa/cisco-sa-20040616-bgp.html.
•
Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
Cisco has made software available, free of charge, to correct the problem.
This advisory is available at this URL:
http://www.cisco.com/en/US/products/csa/cisco-sa-20030717-blocked.html
This problem is resolved in Release 12.1(11b)E12.
Release 12.1(11b)E11
These sections describe the open and resolved caveats in Release 12.1(11b)E11 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(11b)E11
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with a Supervisor Engine 2 and when the switching mode is compact with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101When the message is generated, LECs may be shut down and brought up again.
Workaround: None.
•
A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.
Workaround: Reload the LANE module.
•
The Catalyst 5000 ATM LANE module x5161 running 12.0(14)W5(20), under rare circumstances continues to generate the following messages when you enable the debug lane client stat command:
state ACTIVE event LEC_CTL_TOPO_CHANGE => ACTIVEThis message indicates that ATM module may be considering all BPDUs to be Topology Change messages.
Workaround: None.
Resolved Caveats in Release 12.1(11b)E11
CSCdz60229Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default. The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at this URL:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20021219-ssh-packet
Release 12.1(11b)E
These sections describe the open and resolved caveats in Release 12.1(11b)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(11b)E
This section describes open caveats in Release 12.1(11b)E:
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with a Supervisor Engine 2 and when the switching mode is compact with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101When the message is generated, LECs may be shut down and brought up again.
Workaround: None.
•
A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.
Workaround: Reloade the LANE module.
•
The Catalyst 5000 ATM LANE module x5161 running 12.0(14)W5(20), under rare circumstances continues to generate the following messages when you enable the debug lane client stat command:
state ACTIVE event LEC_CTL_TOPO_CHANGE => ACTIVEThis message indicates that ATM module may be considering all BPDUs to be Topology Change messages.
Workaround: None.
Resolved Caveats in Release 12.1(11b)E
•
The following error message displays repeatedly on the WS-X6101 module when the debug ATM error is enabled.
atmConst_get_vc_stats: VPC VCD mismatch!•
According to RFC 1573, support for 64-bit octet counters in theifXTable is mandatory for ATM module interfaces. Although 32-bit counters in the ifTable are supported, support for the corresponding 64-bit counter variables is missing.
•
When a LANE module sends src-less LE-ARPs upon receiving a special MAC-addressed packet, but with an incorrect targetMAC address, the LE-ARP tables on LECs are not properly updated.
•
In a HSRP environment consisting of Catalyst 6500 series switch ATM LANE modules and Cisco routers running the current version of Cisco IOS software and third party routers, with the Cisco routers connected to the Ethernet segment running HSRP and LECs configured on the ATM LANE module, the third party routers may lose connectivity to the active router on a HSRP switchover. This condition occurs when the ATM LANE module that is proxying for the router forwards the special MAC-addressed packet to the BUS without sending the no-src le-narp message.
•
The ATM module's display has a random listing of PVCs in the show running- config command. This caveat is fixed in Release 12.0(19)W5(23).
•
When VBR-nrt traffic shaping is configured on an ATM module without a maximum burst size (MBS) value, a value of 0 is assigned to that module. Traffic sent on this permanent virtual circuit (PVC) never spikes at a peak cell rate (PCR) because MBS is always 0.
•
The following message repeatedly appears on the WS-X6101 module when the debug ATM error logging is turned on:
00:31:40: atmConst_get_vc_stats: VPC VCD mismatch!Workaround: None.
This is an error message, but the condition does not affect the functionality of the ATM LANE module.
•
On the Catalyst 5000 family ATM modules, when the startup configuration has shut down for an interface, the ATM PVC and VLAN bindings are lost from running configurations when you enter the no shutdown command. This caveat existed in Release 12.0(16)W05(21) and has been fixed in Release 12.0(19)W5(23).
Workaround: Copy a configuration from TFTP without the shutdown command, or load an older image.
Release 12.1(10)E5
These sections describe the open and resolved caveats in Release 12.1(10)E5 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(10)E5
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101When the message is generated, LECs may be shut down and brought up again.
Workaround: None.
•
A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.
Workaround: Reloading the LANE module solves the problem.
Resolved Caveats in Release 12.1(10)E5
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
This problem is resolved in Release 12.1(10)E5.
Release 12.1(10)E4
These sections describe the open and resolved caveats in Release 12.1(10)E4:
•
•
Open Caveats in Release 12.1(10)E4
•
Inserting a single-port OC-12 ATM module in a switch on which all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101When the message is generated, LECs may be shut down and brought up again.
Workaround: None.
•
A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.
Workaround: Reloading the LANE module solves the problem.
Resolved Caveats in Release 12.1(10)E4
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
Release 12.1(10)E
These sections describe the open and resolved caveats in Release 12.1(10)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(10)E
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
A bad control message may lead to LEC instability. When an LEC on a Cisco switch receives LANE control frames that are formatted incorrectly, the following error message is generated:
%LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM1/0.101When the message is generated, LECs may be shut down and brought up again.
•
A Catalyst 6500 series switch with a LANE module may start dropping packets traveling through the LANE cloud.
Workaround: Reloading the LANE module solves the problem.
Resolved Caveats in Release 12.1(10)E
•
ATM modules display has random listing of PVCs in the show running- config command. This caveat is fixed in Release 12.0(19)W5(23).
•
When VBR-nrt traffic shaping is configured on an ATM module without a maximum burst size (MBS) value, a value of 0 is assigned to that module. Traffic sent on this permanent virtual circuit (PVC) never spikes at a peak cell rate (PCR) s MBS is always 0.
•
The following error message repeatedly appears on the WS-X6101 module when debug ATM error logging is turned on.
00:31:40: atmConst_get_vc_stats: VPC VCD mismatch!Workaround: None. This error message condition does not affect the functionality of the ATM LANE module.
•
On Catalyst 5000 family ATM modules, when the startup configuration has shutdown for an interface, the ATM PVC and VLAN bindings are lost from running configurations when you enter the no shutdown command. This caveat existed in Release 12.0(16)W05(21) and has been fixed in Release 12.0(19)W5(23).
Workaround: Copy a configuration from TFTP without the shut command, or load an older image.
Release 12.1(8b)E13
These sections describe the open and resolved caveats in Release 12.1(8b)E13 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(8b)E13
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
Resolved Caveats in Release 12.1(8b)E13
CSCdz60229Cisco devices which run IOS and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default. The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.
This advisory is available at this URL:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20021219-ssh-packet
Release 12.1(8a)E
These sections describe the open and resolved caveats in Release 12.1(8a)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(8a)E
•
Inserting a single-port OC-12 ATM module in a switch where all switching modules are fabric enabled causes the module diagnostics to fail on the ATM module. This symptom only occurs on Catalyst 6500 series switches with Supervisor Engine 2 and when the switching mode is compatible with software release 6.1(1). To put the ATM module into service, enter the reset slot-number command.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
Resolved Caveats in Release 12.1(8a)E
•
The clear counters command does not clear the counters if the ATM interface is in shutdown state. This problem is resolved in Release 12.1(8a)E.
•
Cisco routers, Catalyst 5000 family ATM modules, and Catalyst 6500 series ATM modules running the current releases of Cisco IOS software and with LANE configured may generate the following error messages:
Sep 15 13:13:10: %LANE-3-LEC_CONTROL_MSG: Received bad control message on interface ATM5/0/0.1The debug lane client error command has been included to provide additional debug support for these error messages and will be integrated into Cisco IOS Release 12.1(8a)E.
•
On Catalyst 6500 series platforms, the system CAM entries created by MPOA are never removed when the ATM module is removed, reset, reloaded, or when the ATM module hangs.
Workaround: Reload the Catalyst platform.
Alternate workaround: The problem was fixed and will be available in the following releases:
–
–
•
Queries on variables of the ciscoAal5MIB and ciscoAtmExtMIB fail for VCs on the ATM major interface (ILMI and signaling VCs) but work fine for VCs configured on subinterfaces. This problem is resolved in Release 12.1(8a)E.
•
Interfaces associated with the ATM subinterface, AAL5 layer, and LECs, register to the IF-MIB using incorrect values of ifIndex when they are first created as part of startup config. Queries on the ifTable variables will fail to get information on these interfaces. However, interfaces created after the module boots register correctly. This problem is resolved in Release 12.1(8a)E.
•
The following problem was seen on a Catalyst 6500 series switch with a redundant MSFC2 and HA enabled. When you perform an HA switchover, the traffic recovers for a short while on the WS-X6101 module running Release 12.1(5a)E3. Then, all traffic on the module stops and never resumes until the module is reset. The message "release for semaphore release" keeps repeating on the WS-X6101 console until the module is reset. This problem is resolved in Release 12.1(8a)E.
•
A LEC configured as a LANE v2 client in a multi-vendor LANE environment may experience interoperability problems when the LECS and LES/BUS services reside on the third party vendor equipment. The LEC will send out a tag value in the LAN destination field of the flush request, which is not recognized as an appropriate value by the third party BUS.
Workaround: Disable the flush request sent by the LEC on the switch. This problem is resolved in Release 12.1(8a)E.
•
In the Catalyst 5000 family and Catalyst 6500 series platforms, the ATM module switchover does not happen on an ilmi-keepalive failure.
Workaround: Use images from Release 12.1(8a)E or later on the ATM modules. This problem is resolved in Release 12.1(8a)E.
•
Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in the DDTS record.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.
•
Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.
To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.
In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.
•
Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using an undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group, (such as "sysContact," "sysLocation," and "sysNam"). These modifiable objects do not affect the device's normal operation but may cause problems if they are modified unexpectedly during operation. The remaining objects are contained in the LEC and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.
The vulnerability is only present in certain combinations of Cisco IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every Cisco IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.
To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms.
In lieu of a software upgrade, a workaround can be applied to certain Cisco IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP. Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.
•
A Border Gateway Protocol (BGP) update contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the extended length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems in the segment. The path segment value contains the list of autonomous systems (each autonomous system is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of autonomous systems in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of autonomous systems (without having to use the extended length bit) is 126 [= (255-2)/2]. If the update is propagated across an autonomous system boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.
The problem was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a notification message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 autonomous systems, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.
(Part of the text was taken from RFD 1771.)
•
When BGP sessions get reset, currently, with lob neighbor-changes, the event is errlogged. However, to find out the reasons as to why there was a reset, one has to turn on the debugs. This fix will automatically errlog the notification message when the sessions are reset. This feature will be turned on by the same log-neighbor-changes knob. This problem is resolved in software Release 12.1(8a)E.
Release 12.1(7a)E5
These sections describe the open and resolved caveats in Release 12.1(7a)E5:
•
•
Open Caveats in Release 12.1(7a)E5
•
The clear counters command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.
•
This error message might appear after a LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.
•
The following message may appear three times when the Catalyst 6500 series ATM module boots up:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.
•
Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:
–
–
–
Resolved Caveats in Release 12.1(7a)E5
•
An error can occur with management protocol processing. Use the following URL for further information: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
Release 12.1(6)E8
These sections describe the open and resolved caveats in Release 12.1(6)E8:
•
•
Open Caveats in Release 12.1(6)E8
•
The clear counters command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.
•
This message might appear after a LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
On Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst 6500 series switch.
•
If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.
•
The following message may appear three times when the Catalyst 6500 series 6500 series ATM module boots up:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:
–
–
–
Resolved Caveats in Release 12.1(6)E8
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
Release 12.1(5c)E12
These sections describe the open and resolved caveats in Release 12.1(5c)E12:
•
•
Open Caveats in Release 12.1(5c)E12
•
The clear counters command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.
•
This message might appear after a LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.
•
The following error message may appear three times when the Catalyst 6500 series ATM module boots up:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.
•
Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:
–
–
–
Resolved Caveats in Release 12.1(5c)E12
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
This problem has been fixed in Release 12.1(5c)E12.
Release 12.1(5c)E10
These sections describe the open and resolved caveats in Release 12.1(5c)E10:
•
•
Open Caveats in Release 12.1(5c)E10
•
The clear counters command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect, and the MTU size will remain at 1500.
•
This message might appear after a LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
If you enter the show interface command on a WS-X6101 running Release 12.1(2).E1, EOBC displays for the Eth0 interface.
•
The following message may appear three times when the Catalyst 6500 series ATM module boots up:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
On Catalyst 6500 series ATM modules that are running Release 12.1(5a)E3 and have QoS enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.
•
Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:
–
–
–
Resolved Caveats in Release 12.1(5c)E10
•
ATM modules WS-X6101-OC12-SMF and WS-X6101-OC12-MMF on the Catalyst 6500 series platform have failed the diagnostics test (L4A, data loopback test) at high voltage and 0 degree Celsius. Under these conditions, the data path may be affected. There is no workaround for this problem. This problem has been fixed in Release 12.1(5c)E10.
•
Cisco Security Advisory:
Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Revision 1.0: INTERIM
For Public Release 2001 February 27 20:00 US/Eastern (UTC+0500)
_________________________________________________________________
Summary
Cisco IOS software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers.
This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminate on the affected Cisco device itself; it does not apply to TCP traffic forwarded through the affected device in transit between two other hosts.
To remove the vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is described in the DDTS record.
Workarounds are available that limit or deny successful exploitation of the vulnerability by filtering traffic containing forged IP source addresses at the perimeter of a network or directly on individual devices. This notice will be posted at http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml.
•
Cisco Security Advisory:
Cisco IOS Software Multiple SNMP Community String Vulnerabilities
Revision 1.0: INTERIM
For Public Release 2001 February 27 20:00 US/Eastern (UTC+0500)
_________________________________________________________________
Summary
Multiple Cisco IOS software and CatOS software releases contain several independent but related vulnerabilities involving the unexpected creation and exposure of SNMP community strings. These vulnerabilities can be exploited to permit the unauthorized viewing or modification of affected devices.
To remove the vulnerabilities, Cisco is offering free software upgrades for all affected platforms. The defects are documented in DDTS records CSCds32217, CSCds16384, CSCds19674, CSCdr59314, CSCdr61016, and CSCds49183.
In addition to specific workarounds for each vulnerability, affected systems can be protected by preventing SNMP access.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-community-vulns-pub.shtml.
•
Cisco Security Advisory:
Cisco IOS Software SNMP Read-Write ILMI Community String Vulnerability
Revision 1.0: INTERIM
For Public Release 2001 February 27 04:00 US/Eastern (UTC+0500)
_______________________________________________________________
Summary
Cisco IOS software releases based on versions 11.x and 12.0 contain a defect that allows a limited number of SNMP objects to be viewed and modified without authorization using a undocumented ILMI community string. Some of the modifiable objects are confined to the MIB-II system group, (such as "sysContact," "sysLocation," and "sysNam,") that do not affect the device's normal operation but that may cause confusion if modified unexpectedly. The remaining objects are contained in the LEC and PNNI MIBs, and modification of those objects may affect ATM configuration. An affected device might be vulnerable to a denial-of-service attack if it is not protected against unauthorized use of the ILMI community string.
The vulnerability is only present in certain combinations of Cisco IOS releases on Cisco routers and switches. ILMI is a necessary component for ATM, and the vulnerability is present in every Cisco IOS release that contains the supporting software for ATM and ILMI without regard to the actual presence of an ATM interface or the physical ability of the device to support an ATM connection.
To remove this vulnerability, Cisco is offering free software upgrades for all affected platforms. The defect is documented in DDTS record CSCdp11863.
In lieu of a software upgrade, a workaround can be applied to certain Cisco IOS releases by disabling the ILMI community or "*ilmi" view and applying an access list to prevent unauthorized access to SNMP. Any affected system, regardless of software release, may be protected by filtering SNMP traffic at a network perimeter or on individual devices.
This notice will be posted at http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml.
•
A Border Gateway Protocol (BGP) update contains Network Layer Reachability Information (NLRI) and attributes that describe the path to the destination. Each path attribute is a type, length, value (TLV) object.
The type is a two-octet field that includes the attribute flags and the type code. The fourth high-order bit (bit 3) of the attribute flags is the extended length bit. It defines whether the attribute length is one octet (if set to 0) or two octets (if set to 1). The extended length bit is used only if the length of the attribute value is greater than 255 octets.
The AS_PATH (type code 2) is represented by a series of TLVs (or path segments). The path segment type indicates whether the content is an AS_SET or AS_SEQUENCE. The path segment length indicates the number of autonomous systems in the segment. The path segment value contains the list of autonomous systems (each autonomous system is represented by two octets).
The total length of the attribute depends on the number of path segments and the number of autonomous systems in them. For example, if the AS_PATH contains only an AS_SEQUENCE, then the maximum number of autonomous systems (without having to use the extended length bit) is 126 [= (255-2)/2]. If the update is propagated across an autonomous system boundary, then the local Abstract Syntax Notation (ASN) must be appended and the extended length bit used.
The problem was caused by the mishandling of the operation during which the length of the attribute was truncated to only one octet. Because of the internal operation of the code, the receiving border router would not be affected, but its iBGP peers would detect the mismatch and issue a notification message (update malformed) to reset their session.
The average maximum AS_PATH length in the Internet is between 15 and 20 autonomous systems, so there is no need to use the extended length. The failure was discovered because of a malfunction in the BGP implementation of another vendor. There is no workaround.
(Part of the text was taken from RFD 1771.)
•
When BGP sessions get reset, currently, with lob neighbor-changes, the even is errlogged. However, to find out the reasons as to why there was a reset, one has to turn on the debugs. This fix will automatically errlog the notification message when the sessions are reset. This feature will be turned on by the same log neighbor-changes knob.
Release 12.1(5a)E3
These sections describe the open and resolved caveats in Catalyst 6000 ATM Release 12.1(5a)E3:
•
•
Open Caveats in Release 12.1(5a)E3
•
The clear count command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.
•
This error message might appear after an LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message. CSCdp07319 has not been seen in other releases.
•
On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic <vlanid> command on the Catalyst family switch.
•
On the Catalyst 6500 series ATM modules that are running software Release 12.1(4)E2 and have QoS-enabled LECs, a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
The following error message may appear three times when the Catalyst 6500 series ATM module boots up:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
•
If you enter the show interface command on a WS-X6101 running software version 12.1(2).E1, EOBC displays for the Eth0 interface.
•
Under the following rare circumstances, the Catalyst 6500 series supervisor engine might reset the WS-X6101 ATM module:
–
–
–
Resolved Caveats in Release 12.1(5a)E3
•
After a switchover to the redundant supervisor engine, the ifIndex for the ATM interface changes, and there are duplicate entries in the ifTable for the interfaces corresponding to the dual PHY (PHY A and PHY B).
•
The password recovery procedure is broken on the Catalyst 6500 series ATM modules.
•
Under rare conditions, a QoS-configured LAN Emulation Client (LEC) might drop packets.
Workaround: Assuming the name of the QoS Database is "qosdb" and the problem applies to a LEC on atm subinterface 5, perform the following task:
ATM#configure terminalATM(config)#interface a0.5ATM(config-subif)#no lane client qos qosdbATM(config-subif)#shutdownATM(config-subif)#no shutdownATM(config-subif)#lane client qos qosdb•
On the Catalyst 6500 series ATM modules running Release 12.1(2)E3 and later, the show lane le-arp brief command may display incorrect counters.
Release 12.1(4)E2
These sections describe the open and resolved caveats in Release 12.1(4)E2:
•
•
Open Caveats in Release 12.1(4)E2
•
Under rare conditions, a QoS configured LAN Emulation Client (LEC) might drop packets.
Workaround: Assuming the name of the QoS Database is "qosdb" and the problem applies to a LEC on atm subinterface 5, perform the following task:
ATM#configure terminalATM(config)#interface a0.5ATM(config-subif)#no lane client qos qosdbATM(config-subif)#shutdownATM(config-subif)#no shutdownATM(config-subif)#lane client qos qosdb•
The clear count command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, if you move the LECs from QoS capable mode to non-QoS capable mode, it is possible that the LECs continue to use the UBR+ VCC instead of reverting to the UBR VCC.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LECs, if you change the QoS parameters in the QoS database, a new QoS VCC may not be established.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst6500 series switch.
•
On Catalyst 6500 series ATM modules running Release 12.1(2)E3 and later, the show lane le-arp brief command may display incorrect counters.
•
According to RFC 1573, support for 64-bit octet counters in the ifXTable is required for the ATM module interfaces. Currently, 32-bit counters in the ifTable are supported. Support for the corresponding 64-bit counter variables is missing.
•
The following message may appear three times at startup on the Catalyst 6500 series ATM module:
Preferred Phy: Phy A is already Selected.These repetitions are harmless and can be ignored.
Resolved Caveats in Release 12.1(4)E2
•
On Cisco Routers and Catalyst 6500 series ATM modules running Release 12.1(4)E, the PCR and MCR values that are configured in the LANE QoS database are considered to be User Data Rates but should be considered as Line Rates to prevent incompatibility in the show atm vc command output.
•
In rare conditions, entering the clear counters command continuously without at least a 10-15 second break between command entries might cause the WS-X6101 ATM module to reset.
•
Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs. This causes interoperability problems with third-party LANE Version 1 LECs. The new lane client version 1 command has been added to resolve this problem. This command can be entered in interface configuration mode so that LECs can be configured to join as LANE Version 1 compliant. By default, the LECs are Version 2 compliant.
•
The current VC counters value displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.
•
Under heavy traffic conditions, the WS-X6101 module may not respond to the Marconi switch poll in a timely manner, and ILMI signaling will be restarted. This will also cause the SSCOP signaling to restart and all VCs to be torn down.
Workaround: Install a Cisco switch between the WS-X6101 and the Marconi switch.
•
SNMPwalk for ifIndex on a Catalyst 6509 switch lists all of the interfaces, but when it gets to the ATM OC-12 interface on an WS-X6101-OC12-MMF running Release 12.1(2)E3, it goes into a loop.
•
Password recovery on the WS-X6101-OC12 module fails in Release 12.1(2)E3. The module continues to configure from memory even though the configuration register is set to ignore NVRAM. This problem has been fixed so that the NVRAM configuration can be skipped by using the appropriate configuration register setting.
•
When 1483 bridged PVCs are configured on the Catalyst 6500 series ATM module, it is possible to send packets with or without FCS enabled. The required CLI is the atm 1483pvc fcs enable command. The default behavior is to send packets with FCS. To disable this behavior, enter the no atm 1483pvc fcs enable interface command.
•
In Release 12.1(2)E3, the boot command is missing in global configuration mode. Consequently, the boot variable cannot be set. If the NVRAM configuration file contains a boot command, and the first image in the bootflash is Release 12.1(2)E3, the boot command will be ignored and the module will boot up with the 12.1(2)E3 image.
Workaround: This problem did not exist in Releases 12.0(5)XS and 12.0(5)XS1, and it has been fixed in Release 12.1(4)E2. Having any of these images as the first image in the bootflash will allow the boot command to be recognized during startup.
Release 12.1(2)E2
These sections describe the open and resolved caveats in Release 12.1(2)E2:
•
•
Open Caveats in Release 12.1(2)E2
•
The current VC counters value displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.
•
The clear count command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.
•
This message might appear after an LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs causing interoperability problems with third-party LANE Version 1 LECs.
Resolved Caveats in Release 12.1(2)E2
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
This problem is resolved in Release 12.1(10)E4.
Release 12.1(2)E1
These sections describe the open and resolved caveats in Release 12.1(2)E1:
•
•
Open Caveats in Release 12.1(2)E1
•
The current VC counters value displayed by the show interface atm0 and the show atm interface atm0 commands are incorrect. Enter the show atm vc command instead.
•
The clear count command does not clear the counters if the ATM interface is in shutdown state.
•
The CLI allows you to set the MTU size to 1500, 4528, and 9218 bytes, but the only supported MTU size is 1500. The ATM module will accept a command setting MTU to a size other than 1500, but this command will have no effect and the MTU size will remain at 1500.
•
This message might appear after an LECS failover:
%SCHED-3-STUCKMTMR: Sleep with expired managed timer 60B380CC, time 0x1458758 (00:00:00 ago).The LECS failover process will proceed normally. Ignore this message because this problem has not been seen in other releases.
•
Cisco IOS software requires LECs to join ELANs as LANE Version 2 compliant LECs causing interoperability problems with third-party LANE Version 1 LECs.
Resolved Caveats in Release 12.1(2)E1
•
The Fast Simple Server Redundancy Protocol (FSSRP) feature might not be completely disabled when you enter the no lane fssrp command.
•
The CLI does not allow users to disable the LEC LE-Flush mechanism. The new [no] lane client flush command has been added in Release 12.1(2)E1 to resolve this problem.
•
A defect in multiple versions of Cisco IOS software will cause a Cisco router or switch to stop and reload if you enable the Cisco IOS HTTP service and attempt to browse to http://<router-ip. Thisdefect can be exploited to produce a denial of service (DoS) attack. This defect has been discussed on public mailing lists and should be considered public information.
The vulnerability, identified as Cisco bug ID CSCdr36952, affects virtually all mainstream Cisco routers and switches running Cisco IOS Release 11.1 through Release 12.1. The vulnerability has been corrected and Cisco is making fixed versions available to replace all affected Cisco IOS releases. Customers are urged to upgrade to releases that are not vulnerable to this defect.
Workaround: Nullify the vulnerability by disabling the Cisco IOS HTTP server, by preventing access to the port in use by the HTTP server on the affected router or switch, or by applying an access-class option to the service itself. The Cisco IOS HTTP server is not enabled by default except on a small number of router models in specific circumstances.
You can access the latest complete version of this security advisory at the following World Wide Web site: http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml.
Release 12.0(5)XS2
These sections describe the open and resolved caveats in Catalyst 5000 ATM Release 12.1(2)E:
•
•
Open Caveats in Release 12.0(5)XS2
None.
Resolved Caveats in Release 12.0(5)XS2
•
An error can occur with management protocol processing. Use the following URL for further information:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetailshttp://www.cisco.com/pcgi-bin/bugtool/onebug.pl?bugid=CSCdw65903bugId=CSCdw65903
Related Documentation
For additional information on Catalyst 6500 series switches and command-line interface (CLI) commands, refer to the Catalyst 6500 Series Switch Software Configuration Guide, the ATM Configuration Guide and Command Reference: Catalyst 6000 and 5000 Family Switches, the Catalyst 5000 Family Switch Command Reference, and the Catalyst 6500 Series Switch Command Reference publications.
For detailed hardware configuration and maintenance procedures, refer to the Catalyst 6500 Series Switch Installation Guide.
For additional information on Cisco IOS commands, refer to the Configuration Fundamentals Command Reference publication.
Notices
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
4.
5.
6.
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
© 1999-2008 Cisco Systems, Inc. All rights reserved.
