Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
• In rare situations, intensive SNMP polling might use all available I/O memory. This problem is
resolved in Release 12.1(27b)E2. (CSCeg11566)
• For a system configured as an IP HTTP server, tracebacks and a reload might occur during HTTP
transactions with URL tokens greater than 128 characters long. A token is a string delimited by
slashes in a URL. This problem is resolved in Release 12.1(27b)E2. (CSCeg62070)
• In certain LAN topologies, the PIM assert mechanism can cause an upstream router to erroneously
remove downstream interfaces from output interface lists. When this situation occurs, it causes
multicast traffic to be dropped. This problem occurs when two or more upstream routers with routes
to the same rendezvous point or traffic source are connected to the same LAN segment as two
different downstream routers. The problem occurs when the two downstream routers select different
upstream routers as their next hop. This problem is resolved in Release 12.1(27b)E2. (CSCeh17756)
• A Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In
order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL
protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
– Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
– Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
– Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There
are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note: Another related advisory has been posted with this advisory. This additional advisory also
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is
available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
A combined software table for Cisco IOS is available to aid customers in choosing a software
release that fixes all security vulnerabilities published as of May 22, 2007. This software table is
available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
This problem is resolved in Release 12.1(27b)E2. (CSCsb12598, CSCsb40304, CSCsd92405)
• When a PBR route map is currently using an ACL, and then you modify, configure, or reapply the
ACL, TCAM entries might be programmed incorrectly and cause a connectivity problem. This
problem occurs when the ACL is on a Supervisor Engine 2. This problem is resolved in
Release 12.1(27b)E2. (CSCse30376)
• A reload might occur when a routing event causes a Reverse Path Forwarding (RPF) interface to
become an interface configured as a multicast boundary. This problem is resolved in
Release 12.1(27b)E2. (CSCse92050)
• A vulnerability exists in the Data-link Switching (DLSw) feature in Cisco IOS where an invalid
value in a DLSw message could result in a reload of the DLSw device. Successful exploitation of
this vulnerability requires that an attacker be able to establish a DLSw connection to the device.