Datasheet

ManualsBrandsCisco Manualschassis componentsFAN-MOD-6HS=

131

132

133

134

135

136

137

138

139

140

137

Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC

OL-2310-11

Caveats

• Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in

Cisco Security Advisory: Crafted IP Option Vulnerability:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS

are not at risk of crash if CSCec71950 has been resolved in the software.

Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no

workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:

Crafted IP Option Vulnerability for workaround information:

http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml

This problem is resolved in Release 12.1(26)E7 (CSCek26492)

• Symptoms: The VTP feature in certain versions of Cisco IOS software may be vulnerable to a

crafted packet sent from the local network segment which may lead to denial of service condition.

Conditions: The packets must be received on a trunk enabled port.

Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing

three vulnerabilities:

–

VTP Version field DoS

–

Integer Wrap in VTP revision

–

Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

–

CSCsd52629/CSCsd34759—VTP version field DoS

–

CSCse40078/CSCse47765—Integer Wrap in VTP revision

–

CSCsd34855/CSCei54611—Buffer Overflow in VTP VLAN name

Cisco’s statement and further information are available on the Cisco public website at

http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml

This problem is resolved in Release 12.1(26)E7. (CCSCsd34759)

• Symptoms: The VTP feature in certain versions of Cisco IOS software is vulnerable to a

locally-exploitable buffer overflow condition and potential execution of arbitrary code. If a VTP

summary advertisement is received with a Type-Length-Value (TLV) containing a VLAN name

greater than 100 characters, the receiving switch will reset with an Unassigned Exception error.

Conditions: The packets must be received on a trunk enabled port, with a matching domain name

and a matching VTP domain password (if configured).

Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing

three vulnerabilities:

–

VTP Version field DoS

–

Integer Wrap in VTP revision

–

Buffer Overflow in VTP VLAN name