Specifications

ManualsBrandsCisco ManualsComputer equipmentOL-10426-01

221

222

223

224

225

226

227

228

229

230

1254

Cross-Platform Release Notes for Cisco IOS Release 12.0S

OL-1617-14 Rev. Q0

Resolved Caveats—Cisco IOS Release 12.0(27)S5

Conditions: This symptom is observed when the MSDP session flaps while you enter the show ip

msdp peer command.

Workaround: There is no workaround.

• CSCef57803

Symptoms: In a VPNv4 network in which a multi-homed CE router advertises multiple paths for a

prefix, a PE router may fail to withdraw the prefix previously advertised to another PE router when

its best path changes from a non-imported path to an imported path because of a change in the import

route map of the VRF.

Conditions: This symptom is observed in a topology in which a CE router connects to a PE router

via two different VRFs.

Workaround: Remove the imported path either by unconfiguring the import route map of the VRF

or by changing the import route target, withdraw the non-imported prefix from the CE router, and

restore the import route map or import route target.

• CSCef60659

A document that describes how the Internet Control Message Protocol (ICMP) could be used to

perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol

(TCP) has been made publicly available. This document has been published through the Internet

Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP"

(draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of

three types:

1. Attacks that use ICMP "hard" error messages

2. Attacks that use ICMP "fragmentation needed and Don’t Fragment (DF) bit set" messages, also

known as Path Maximum Transmission Unit Discovery (PMTUD) attacks

3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections,

depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are

workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security

Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple

vendors whose products are potentially affected.

• CSCef93215

Symptoms: A router that is configured for OSPF may reload unexpectedly and reference the

"ospf_build_one_paced_update" process.

Conditions: This is observed on a Cisco router that has a mixture of LSAs (of type 5 and 11) that

travel throughout an autonomous system and LSAs (of any type other than type 5 and 11) that travel

within a particular OSPF area. The symptom may occur at any time without any specific changes or

configuration and is not specifically related to any type of LSA.

Workaround: There is no workaround.