This vulnerability affects all releases of Classic Cisco IOS software from 9.1 up to, but not including, the following corrected releases (including interim and beta software):
- 11.3(1), 11.3(1)ED, 11.3(1)T
- 11.2(10), 11.2(9)P, 11.2(9)XA, 11.2(10)BC, 11.2(8)SA3
- 11.1(15)CA, 11.1(16), 11.1(16)IA, 11.1(16)AA, 11.1(17)CC, 11.1(17)CT
It is not necessary to run the specific releases listed above; the fix is present in all subsequent versions of the same releases as well. For example, 11.2(9)P is fixed, so 11.2(10)P is also fixed.
Releases of Cisco IOS software up to and including 10.3 have reached end of support, and no fixes are currently or planned to be available for those releases. All releases after 9.1 do, however, contain the problem.
All planned fixes to Cisco IOS software have been completed and tested. Integration into regular released software is complete for all versions except 11.0. If you are running a version of software earlier than the ones listed above, please contact the Cisco TAC for assistance.
As of the date of this notice, the fix for this problem is available for the 11.0 release only in the 11.0(20.3) version. This is an interim release, and has not been subjected to the same degree of testing as a regular Cisco IOS release. The first regular 11.0 release containing the fix will be 11.0(21). Release of 11.0(21) is tentatively scheduled for mid-September, 1998; this schedule is subject to change. Because of the relative maturity of the 11.0 Cisco IOS software, Cisco believes that installation of 11.0(20.3) carries less risk than would installation of an interim release for a newer Cisco IOS version, but customers are advised to use caution in installing 11.0(20.3), or any other interim release, in any critical device.