Datasheet

ManualsBrandsCisco Manualschassis componentsFAN-MOD-6HS=

171

172

173

174

175

176

177

178

179

180

176

Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC

OL-2310-11

Caveats

• When an OSPF external route has a forwarding address with a next hop address in the routing table,

the next hop address does not get updated in the type 5 link-state advertisement (LSA) when the

forwarding address gets a more specific entry in the routing table with a different next hop address.

This problem is resolved in Release 12.1(22)E3. (CSCed59370)

• A document that describes how the Internet Control Message Protocol (ICMP) could be used to

perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol

(TCP) has been made publicly available. This document has been published through the Internet

Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP”

(draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of

three types:

1. Attacks that use ICMP “hard” error messages.

2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also

known as Path Maximum Transmission Unit Discovery (PMTUD) attacks.

3. Attacks that use ICMP “source quench” messages.

Successful attacks may cause connection resets or reduction of throughput in existing connections,

depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are

workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security

Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple

vendors whose products are potentially affected. Its posting can be found at:

http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

This problem is resolved in Release 12.1(22)E3. (CSCed78149)

• Traffic might be lost when communication fails between the supervisor engine and the MSFC. This

problem is resolved in Release 12.1(22)E3: an intentional reload occurs when communication fails

between the supervisor engine and the MSFC. (CSCee39004)

• While traffic is flowing, CPU utilization might increase to a very high level if you reconfigure an

EtherChannel from Layer 3 to Layer 2 and configure a Layer 3 VLAN interface for the

EtherChannel. This problem is resolved in Release 12.1(22)E3. (CSCee41100)

• Traffic loss might occur on fabric-enabled modules when there are frequent OIRs. This problem is

resolved in Release 12.1(22)E3. (CSCee44496, CSCee48403, CSCee78766)

• SNMP returns a null value for the SLB real server name. This problem is resolved in

Release 12.1(22)E3. (CSCee60121)

• A memory leak might occur with Cisco IOS firewall authentication proxy configured. This problem

is resolved in Release 12.1(22)E3. (CSCef14971)

• Occasionally, these modules might lose the ability to communicate over the Ethernet Out of Band

Channel (EOBC) and reset:

–

WS-X6416-GBIC

–

WS-X6348-RJ-45

–

WS-X6148-RJ-45

–

WS-X6348-RJ-21