Release Notes for Cisco IOS Release 12.1E on the Catalyst 6500 and Cisco 7600 Supervisor Engine and MSFC
OL-2310-11
Caveats
Certain Cisco products containing support for the Secure Shell (SSH) server are vulnerable to a
Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet
directed at the affected device can cause a reload of the device. No authentication is necessary for
the packet to be received by the affected device. The SSH server in Cisco IOS is disabled by default.
Cisco will be making free software available to correct the problem as soon as possible.
The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc.
Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this
vulnerability.
This advisory is available at:
http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml
This problem is resolved in Release 12.1(8b)E13. (CSCdu75477)

A Cisco router that has run out of processor memory may unexpectedly reload because of a bus error
at an invalid address when an attempt to connect with Secure Shell (SSH) to a vty port fails
because of a process creation failure. A SYS-2-CFORKMEM error message appears before the restart.
This problem is resolved in Release 12.1(8b)E13. (CSCdt13023)

Resolved Caveats in Release 12.1(8b)E12

With a Supervisor Engine 1, traffic that fails the RPF test is not dropped in hardware. This problem
is resolved in Release 12.1(8b)E12. (CSCdx94856)

A reload might occur while displaying the group-rp mapping cache. This problem is resolved in
Release 12.1(8b)E12. (CSCdw16433)

The MSFC might run out of memory because of a memory leak in the routing table structures. This
problem is resolved in Release 12.1(8b)E12. (CSCdy18789)

When IGMP snooping is enabled on a switch that is between a multicast source and a multicast
receiver, the switch incorrectly sends out two mtrace requests for each non-DVMRP-encapsulated
mtrace request it receives. This problem is resolved in Release 12.1(8b)E12. (CSCdy47269)

The IGMP Robustness Variable (defined in RFC 2236) is increased from 1 to 2 in
Release 12.1(8b)E12. (CSCdt45806)

With Supervisor Engine 2, packet loss might occur for a few seconds after routing protocol multicast
packets are received. This problem is resolved in Release 12.1(8b)E12. (CSCdy58383)

With Supervisor Engine 2, any access to an invalid address in the valid I/O address space can
suspend all operation. This problem is resolved in Release 12.1(8b)E12. (CSCdx81901)

If you configure an active member port of an EtherChannel as a SPAN source port, the port goes into
the suspended state and does not pass any traffic. In Release 12.1(8b)E12, you cannot configure an
active member port of an EtherChannel as a SPAN source port. (CSCdx81246)

If you configure an EtherChannel between the Catalyst operating system and IOS on the supervisor
engine and MSFC, the last port on the IOS device might not completely join the EtherChannel,
which prevents multicast traffic from using the last port. This problem is resolved in
Release 12.1(8b)E12. (CSCdy63364)

With Supervisor Engine 2, multicast packets that set the router alert option, such as IGMP general
queries and membership reports, might not be handled properly, which might disrupt IGMP client
connectivity. This problem is resolved in Release 12.1(8b)E12. (CSCdy84078)

Some malformed IGMP packets can loop through the system causing high CPU utilization. This
problem is resolved in Release 12.1(8b)E12. (CSCdw41220)