Datasheet

ManualsBrandsCisco Manualschassis componentsFAN-MOD-6HS=

221

222

223

224

225

226

227

228

229

230

227

Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC

OL-2310-11

Caveats

Open General Caveats in Release 12.1(13)E17

• If you replace a set ip dscp or set ip precedence class map command with a police class map

command, the class map is deleted. This problem is resolved in Release 12.1(14)E. (CSCdy42355,

CSCdy41975)

Resolved General Caveats in Release 12.1(13)E17

• Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow

vulnerability. Cisco has included additional integrity checks in its software, as further described

below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected

customers.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.

This problem is resolved in Release 12.1(13)E17. (CSCei61732)

• Receipt of a Border Gateway Protocol (BGP) Autonomous System (AS) path with a length that is

equal to or greater than 255 might reset the BGP session. This problem is resolved in

Release 12.1(13)E17. (CSCeh13489)

Resolved General Caveats in Release 12.1(13)E16

• A Cisco device running Cisco IOS and enabled for the Border Gateway Protocol (BGP) is

vulnerable to a Denial of Service (DoS) attack from a malformed BGP packet. Only devices with

the command ‘bgp log-neighbor-changes’ configured are vulnerable. The BGP protocol is not

enabled by default, and must be configured in order to accept traffic from an explicitly defined peer.

Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be

difficult to inject a malformed packet.

If a misformed packet is received and queued up on the interface, this bug may also be triggered by

other means which are not considered remotely exploitable such as the use of the command ‘show

ip bgp neighbors’ or running the command ‘debug ip bgp <neighbor> updates’ for a configured bgp

neighbor.

Cisco has made free software available to address this problem.

For more details, please refer to this advisory, available at

http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml

This problem is resolved in Release 12.1(13)E16. (CSCee67450)

• A specifically crafted Transmission Control Protocol (TCP) connection to a telnet or reverse telnet

port of a Cisco device running Internetwork Operating System (IOS) may block further telnet,

reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases Hypertext Transport

Protocol (HTTP) access to the Cisco device. Telnet, reverse telnet, RSH and SSH sessions

established prior to exploitation are not affected.

All other device services will operate normally. Services such as packet forwarding, routing

protocols and all other communication to and through the device are not affected.

Cisco will make free software available to address this vulnerability. Workarounds, identified below,

are available that protect against this vulnerability.

The Advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20040827-telnet.shtml

This problem is resolved in Release 12.1(13)E16. (CSCef46191)