Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-tcp.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCek37177)
• Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in
Cisco Security Advisory: Crafted IP Option Vulnerability:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS versions with this specific
DDTS are not at risk of a crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCek26492)
• A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically
generated output, such as the output from a show buffers command, will be passed to the browser
requesting the page. This HTML code could be interpreted by the client browser and potentially
execute malicious commands against the device or enable other cross-site scripting attacks.
Successful exploitation of this vulnerability requires that a user browse a page containing dynamic
content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCsc64976)
• With the Cisco IOS Firewall CBAC feature enabled, if a client opens a connection to a server, which
causes a firewall session to be created, and the connection is terminated on both the client and the
server, the firewall session may never time out. This problem occurs with applications that use fixed
source and destination ports. This problem is resolved in Release 12.1(27b)E1. (CSCsc72722)
• When establishing a DLSw Ethernet redundancy master and slave relationship, two devices never
receive LLC frames transmitted to one another. This problem is resolved in Release 12.1(27b)E1.
(CSCsd55300)
• Port 2 or port 4 on a WS-X6816-GBIC switching module might go up and down when port 1 is
enabled, not connected, and set to autonegotiate. This problem occurs if a 1000BASE-T GBIC was
ever inserted since the last time the module was reloaded. This problem is resolved in
Release 12.1(27b)E1. (CSCse12195)
• With DLSw Ethernet Redundancy configured, circuits might be established through the passive
switch. This problem is resolved in Release 12.1(27b)E1. (CSCse17611)
• An enable authentication request might be sent erroneously to the AAA server group that was
configured for login authentication. This problem is resolved in Release 12.1(27b)E1.
(CSCsd95752)
• After a bridge group is removed, the bridge entry in a MAC nonaddress table might not be cleared
for several minutes. This situation will result in a temporary interruption in fall-back bridging. This
problem is resolved in Release 12.1(27b)E1. (CSCsc28959)