Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
When Border Gateway Protocol (BGP) uses multihome interfaces to peer with the neighbors that
are part of the same peer group or the same update group and you enter the neighbor next-hop-self
router configuration command on routers of a peer group, the next-hop calculation is performed only
on the first member of the peer group, and the same next-hop value is replicated to the rest of the
peers instead of calculating the next hop based on the next-hop-self configuration. This problem is
resolved in Release 12.1(22)E. (CSCec14415)

When fragmenting MPLS traffic, a reload might occur after display of a “SYS-2-GETBUF”
message. This problem is resolved in Release 12.1(22)E. (CSCeb16876)

The PFC might not be programmed to provide Layer 3 switching for traffic that follows a static route
to the null 0 interface. This problem is resolved in Release 12.1(22)E. (CSCea86396)

Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are
typically used in packetized voice or multimedia applications. Features such as NAT and IOS
Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been
developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for
the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS
releases are affected if configured for various types of Voice/Multimedia Application support. The
vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are
workarounds available that may mitigate the impact, but these techniques may not be appropriate
for use in all customer networks. This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
This problem is resolved in Release 12.1(22)E. (CSCea44227, CSCdx40184, CSCeb78836,
CSCec76776, CSCed28873, CSCin56408)

In releases where CSCdz75507 is resolved, you cannot configure fall-back bridging on any
subinterface under a physical interface where MPLS is configured on another subinterface. This
problem is resolved for ATM interfaces in Release 12.1(22)E. (CSCeb87433; also see resolved
caveat CSCee00239)

CBAC FTP-data sessions might stay in the “sis-closing” state because of out-of-order packet
handling. This problem is resolved in Release 12.1(22)E. (CSCed03333)

The Cisco IOS firewall authentication proxy feature might reject a connection. This problem is
resolved in Release 12.1(22)E. (CSCea33481)

Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S,
12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited,
could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This
behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may
cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml
This problem is resolved in Release 12.1(22)E. (CSCed68575)

A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been
discovered by an external researcher. Successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may be automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond the
terminated connection that must be considered. This attack vector is only applicable to
sessions that terminate on a device (such as a router, switch, or computer) and not to the