Datasheet
Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
• After Cisco IOS ACLs have been updated dynamically or after responding dynamically to an IDS
signature, a reload might occur following attempts to access a low memory address. This problem
is resolved in Release 12.1(13)E14. (CSCed35253)
• A reload might follow receipt of a corrupt CPD packet. This problem is resolved in
Release 12.1(13)E14. (CSCec25430)
• Occasionally, multicast traffic that should be completely Layer 3-switched is partially
Layer 3-switched, which causes multicast packets to be dropped when the ACL TCAM is full. This
problem is resolved in Release 12.1(13)E14. (CSCin63402)
• High-volume SNMP traffic might cause a reload. This problem is resolved in Release 12.1(13)E14.
(CSCed79519)
• A VLAN with no active ports might not be shut down correctly. This problem is resolved in
Release 12.1(13)E14. (CSCed47381)
• Occasionally after a reload, the IDPROM is not read correctly on a WS-X6548-RJ-45 switching
module that is equipped with a DFC, which holds the module in the “other” state. This problem is
resolved in Release 12.1(13)E14. (CSCed04988)
• The following message might be followed by a reload:
%ALIGN-1-FATAL: Corrupted program counter pc=0xX, ra=0xXXXXXXXX, sp=0xXXXXXXXX
This problem is resolved in Release 12.1(13)E14. (CSCeb48670)
• Routing Information Protocol version 2 (RIPv2) routes get stuck in the routing table, even if the
next-hop interface is down. This problem is resolved in Release 12.1(13)E14. (CSCea47597)
• When TTL propagation has been turned off by entering the tag-switching ip propagate-ttl
command, MPLS TTLs are still copied to IP packets. This problem is resolved in
Release 12.1(13)E14. (CSCdy47341)
• When both static and dynamic Port Address Translation (PAT) are configured and the ip nat pool
inside_pool_name command has been entered for only one IP address, the IP addresses that are used
for overloading might be used as one-to-one translations. This problem is resolved in
Release 12.1(13)E14. (CSCdx19396)
Resolved General Caveats in Release 12.1(13)E13
• A vulnerability in the Transmission Control Protocol (TCP) specification (RFC 793) has been
discovered by an external researcher. Successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond a
terminated connection, which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products that contain a TCP stack are susceptible to this vulnerability.
This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml, and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.