Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are
workarounds available that may mitigate the impact, but these techniques may not be appropriate
for use in all customer networks. This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
This problem is resolved in Release 12.1(8b)E18. (CSCed28873)
Resolved Caveats in Release 12.1(8b)E16
• Cisco products running IOS contain vulnerabilities in the processing of H.323 messages, which are
typically used in packetized voice or multimedia applications. Features such as NAT and IOS
Firewall must inspect H.323 messages and may be vulnerable as well. A test suite has been
developed by the University of Oulu to target this protocol and identify vulnerabilities. Support for
the H.323 protocol was introduced in Cisco IOS Software Release 11.3T, and all later Cisco IOS
releases are affected if configured for various types of Voice/Multimedia Application support. The
vulnerabilities can be exploited repeatedly to produce a denial of service (DoS). There are
workarounds available that may mitigate the impact, but these techniques may not be appropriate
for use in all customer networks. This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml
This problem is resolved in Release 12.1(8b)E16. (CSCea46342, CSCdx76632, CSCin56408,
CSCdx40184, CSCec76776)
• The drop counters on Gigabit Ethernet interfaces might incorrectly increment excessively, even
during low traffic conditions. No data is actually dropped. This problem is resolved in
Release 12.1(8b)E16. (CSCdv86024)
• Incorrect VTP pruning might occur if you delete or rename VLANs in VLAN database mode. This
problem is resolved in Release 12.1(8b)E16. (CSCeb60262)
Resolved Caveats in Release 12.1(8b)E15
• There might be OSPF neighbor drops and HSRP flaps when QoS is enabled on a Supervisor
Engine 1 and MSFC2. This problem is resolved in Release 12.1(8b)E15. (CSCeb55271)
Resolved Caveats in Release 12.1(8b)E14
• A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a
denial of service (DoS) attack from a malformed BGP packet. The BGP protocol is not enabled by
default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the
malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject
a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
This problem is resolved in Release 12.1(8b)E14. (CSCdu53656)
• A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a
denial of service (DoS) attack from a malformed BGP packet. The BGP protocol is not enabled by
default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the
malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject
a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
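The BGP caveats above name BGP MD5 as a workaround. The following is an added example, not part of the Cisco release notes: a short Python audit that lists BGP neighbors in a saved running-config that have no MD5 password, either set directly or inherited from a peer group. It assumes the classic IOS `neighbor ... password` syntax; the function name and the sample configuration (documentation addresses, private AS numbers) are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt; not taken from a real device.
SAMPLE_CONFIG = """\
router bgp 64512
 neighbor CORE peer-group
 neighbor CORE remote-as 64512
 neighbor CORE password 7 EXAMPLE
 neighbor EDGE peer-group
 neighbor EDGE remote-as 64513
 neighbor 192.0.2.1 remote-as 64514
 neighbor 192.0.2.1 password 7 EXAMPLE
 neighbor 192.0.2.2 remote-as 64515
 neighbor 192.0.2.3 peer-group CORE
 neighbor 192.0.2.4 peer-group EDGE
!
line vty 0 4
"""

NEIGHBOR_RE = re.compile(r"^neighbor\s+(\S+)\s+(\S+)(?:\s+(\S+))?")

def bgp_peers_without_md5(config_text):
    """Return sorted BGP neighbors with no password, directly or via peer group."""
    in_bgp = False
    groups, member_of, has_password, peers = set(), {}, set(), set()
    for line in config_text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():             # a top-level line opens or closes a section
            in_bgp = line.startswith("router bgp ")
            continue
        m = NEIGHBOR_RE.match(line.strip()) if in_bgp else None
        if not m:
            continue
        ident, keyword, arg = m.groups()
        if keyword == "peer-group" and arg is None:
            groups.add(ident)                 # "neighbor NAME peer-group" defines a group
        elif keyword == "peer-group":
            member_of[ident] = arg            # "neighbor ADDR peer-group NAME" joins it
        elif keyword == "password":
            has_password.add(ident)
        peers.add(ident)
    return [p for p in sorted(peers - groups)
            if p not in has_password and member_of.get(p) not in has_password]

if __name__ == "__main__":
    for peer in bgp_peers_without_md5(SAMPLE_CONFIG):
        print("BGP neighbor without MD5 authentication:", peer)
```

Each neighbor reported would be remediated with a `neighbor <address> password <string>` statement under `router bgp`, configured with the same string on the remote peer.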