Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
• When you use local-proxy-arp and HSRP, the active MSFC could respond to ARP requests with the
BIA MAC address and the redundant MSFC might keep cached ARP entries that should have been
deleted. This problem is resolved in Release 12.1(23)E. (CSCed72287)
• After Cisco IOS ACLs have been updated dynamically or after responding dynamically to an IDS
signature, a reload might occur following attempts to access a low memory address. This problem
is resolved in Release 12.1(23)E. (CSCed35253)
• When you configure BGP peergroups, spurious memory access messages are displayed. This
problem is resolved in Release 12.1(23)E. (CSCec78347)
• If the FIB TCAM is full, a memory leak or a reload might occur or you might observe high
supervisor engine utilization. This problem is resolved in Release 12.1(23)E. (CSCeb85827,
CSCeb29888, CSCec14802, CSCec42634, CSCed58661, CSCee00311, CSCee22821)
• With MD5 password encryption configured, the software does not correctly verify that all
configured TCP options can be sent in a TCP packet, which can cause this message to be displayed:
%TCP-6-TOOBIG: Tty0, too many bytes of options (44)
This problem is resolved in Release 12.1(23)E. (CSCeb07106)
• A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been
discovered by an external researcher. Successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may be re-established automatically. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond the
terminated connection, which must be considered. This attack vector is only applicable to
sessions that terminate on a device (such as a router, switch, or computer) and not to
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products that contain a TCP stack are susceptible to this vulnerability.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
This problem is resolved in Release 12.1(23)E. (CSCed93836, CSCdz84583)
• Many memory allocation failure (MALLOCFAIL) messages might occur for a Cisco Discovery
Protocol (CDP) process:
%SYS-2-MALLOCFAIL: Memory allocation of -1732547824 bytes failed from x605111F0, pool Processor, alignment 0
-Process= "CDP Protocol", ipl= 0, pid= 42
-Traceback= 602D5DF4 602D78A0 605111F8 60511078 6050EC88 6050E684 602D0E2C 602D0E18
This problem is resolved in Release 12.1(23)E. (CSCdz32659)
• With both static and dynamic Port Address Translation (PAT) configured, if the ip nat pool
inside_pool_name command has been entered for only one IP address, the IP addresses that are used
for overloading might be used as one-to-one translations. This problem is resolved in
Release 12.1(23)E. (CSCdx19396)
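
The %TCP-6-TOOBIG caveat above (CSCeb07106) concerns TCP option space. The following added example is not Cisco IOS code and is not from these release notes; it checks whether a set of TCP options fits in the 40 bytes a TCP header can carry. It assumes the caveat's "MD5 password encryption" refers to the TCP MD5 signature option (RFC 2385) and that each option is NOP-padded to a 32-bit boundary, as many stacks do; the option combinations are constructed for illustration.

```python
# Added example: TCP option-space budget check (not Cisco IOS code).
TCP_MAX_HEADER = 60    # 4-bit data offset field: 15 words * 4 bytes
TCP_BASE_HEADER = 20   # fixed part of the TCP header
TCP_MAX_OPTIONS = TCP_MAX_HEADER - TCP_BASE_HEADER  # 40 bytes

# Fixed option lengths in bytes (kind + length + data), per their RFCs.
OPTION_LEN = {
    "mss": 4,              # RFC 793, kind 2
    "window_scale": 3,     # RFC 1323, kind 3
    "sack_permitted": 2,   # RFC 2018, kind 4
    "timestamps": 10,      # RFC 1323, kind 8
    "md5_signature": 18,   # RFC 2385, kind 19
}

def sack_len(blocks):
    """SACK option (kind 5): 2 header bytes plus 8 bytes per block."""
    return 2 + 8 * blocks

def padded(length):
    """Round a length up to the next 32-bit word boundary."""
    return (length + 3) & ~3

def options_size(options, sack_blocks=0, pad_each=True):
    """Bytes of option space used. pad_each=True pads every option to a
    word boundary (assumed layout); False packs them and pads once."""
    lengths = [OPTION_LEN[name] for name in options]
    if sack_blocks:
        lengths.append(sack_len(sack_blocks))
    if pad_each:
        return sum(padded(n) for n in lengths)
    return padded(sum(lengths))

def check(options, sack_blocks=0, pad_each=True):
    """Return (size, fits) for the requested option set."""
    size = options_size(options, sack_blocks, pad_each)
    return size, size <= TCP_MAX_OPTIONS

def max_sack_blocks(options, pad_each=True):
    """Largest SACK block count that still fits beside the given options."""
    for blocks in range(4, 0, -1):
        if check(options, blocks, pad_each)[1]:
            return blocks
    return 0

if __name__ == "__main__":
    # Constructed case: timestamps + MD5 signature + one SACK block.
    print(check(["timestamps", "md5_signature"], sack_blocks=1))
    print(max_sack_blocks(["md5_signature"]))
```

With word-padded options, the constructed combination of timestamps, MD5 signature and one SACK block needs 44 bytes, the same figure the message on this page reports, although the page does not say which options were configured.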