Datasheet
150
Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
• For QoS filtering, extended ACLs that are configured to match DSCP parse 7 bits of the ToS byte
instead of 6 bits. This problem is resolved in Release 12.1(26)E. (CSCec86976)
• A document that describes how the Internet Control Message Protocol (ICMP) could be used to
perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol
(TCP) has been made publicly available. This document has been published through the Internet
Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP”
(draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
1. Attacks that use ICMP “hard” error messages.
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.
3. Attacks that use ICMP “source quench” messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
This problem is resolved in Release 12.1(26)E. (CSCed78149, CSCef44225)
• In IP packets with the IP options field populated, the IP type-of-service (ToS) byte might be
truncated to a 3-bit long field. This problem deletes 3 bits of the 6-bit DSCP value and causes
incorrect QoS operation. This problem is resolved in Release 12.1(26)E. (CSCed93264)
• With a default route configured, a reload might occur if you enter the clear ip route * command.
This problem is resolved in Release 12.1(26)E. (CSCee35125)
• A reload might follow the display of these messages:
%RPC-SP-2-FAILED: Failed to send RPC request online_diag_sp_request:get_rp_cpu_info
-Traceback= 40929C90 4067A8F0 40683EB8 406609D4 406612C0 40661DAC 40660040 4065FEB8
%Software-forced reload
Unexpected exception, CPU signal 23, PC = 0x4013E95C
-Traceback= 4013E95C 4013C824 40929C98 4067A8F0 40683EB8 406609D4 406612C0 40661DAC
40660040 4065FEB8
This problem is resolved in Release 12.1(26)E. (CSCee36959)
• Traffic is routed in software when it uses a static ARP entry with an IP route that has a destination
that is a local interface instead of an IP next-hop address. A static ARP entry created after a dynamic
ARP has been learned prevents the updating of the dynamic ARP entry. This problem is resolved in
Release 12.1(26)E. (CSCee49121)
• In an MPLS VPN provider edge (PE) configuration, for prefixes with multiple paths, some of which
are on an OIRed switching module, the local label for a prefix in the label forwarding information
base (LFIB) might be different from the local label allocated by the Label Distribution Protocol