Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
Resolved General Caveats in Release 12.1(20)E3
• Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the
Cisco IOS Secure Shell (SSH) server in combination with Terminal Access Controller Access
Control System Plus (TACACS+) as a means to perform remote management tasks on Cisco IOS
devices, may contain two vulnerabilities that can potentially cause Cisco IOS devices to exhaust
resources and reload. Repeated exploitation of these vulnerabilities can result in a Denial of Service
(DoS) condition. Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not
affected by these vulnerabilities.
Cisco has made free software available to address these vulnerabilities for all affected customers.
There are workarounds available to mitigate the effects of the vulnerability (see the “Workarounds”
section of the full advisory for details).
This advisory will be posted at
http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml.
This problem is resolved in Release 12.1(20)E3. (CSCed65778)
• Address overloading might fail if you manually clear the NAT translation table. This problem is
resolved in Release 12.1(20)E3. (CSCdt95129)
• With certain configurations, a reload might occur when you enter the show cdp entry * protocol
command. This problem is resolved in Release 12.1(20)E3. (CSCed40563)
• Cisco Internetwork Operating System (IOS) Software release trains 12.0S, 12.1E, 12.2, 12.2S,
12.3, 12.3B and 12.3T may contain a vulnerability in processing SNMP requests which, if exploited,
could cause the device to reload.
The vulnerability is only present in certain IOS releases on Cisco routers and switches. This
behavior was introduced via a code change and is resolved with CSCed68575.
This vulnerability can be remotely triggered. A successful exploitation of this vulnerability may
cause a reload of the device and could be exploited repeatedly to produce a Denial of Service (DoS).
This advisory is available at http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml.
This problem is resolved in Release 12.1(20)E3. (CSCed68575)
• A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond the
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products which contain a TCP stack are susceptible to this vulnerability.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-nonios.shtml.
This problem is resolved in Release 12.1(20)E3. (CSCed93836, CSCdz84583)