Release Notes for Cisco Catalyst Blade Switch 3120 for HP, Cisco IOS Release 12.2(50)SE and Later
OL-18270-03
Resolved Caveats
Cisco IOS Caveats Resolved in Cisco IOS Release 12.2(50)SE
• CSCsk64158
Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet
vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked
input queue on the inbound interface. Only crafted UDP packets destined for the device could result
in the interface being blocked; transit traffic will not block the interface.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the workarounds section of the
advisory. This advisory is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20090325-udp.shtml.
• CSCsm27071
A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service
attack when any of several features of Cisco IOS software are enabled. A sequence of specially
crafted TCP/IP packets could cause any of the following results:
– The configured feature may stop accepting new connections or sessions.
– The memory of the device may be consumed.
– The device may experience prolonged high CPU utilization.
– The device may reload.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the “workarounds” section of the
advisory. The advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
• CSCso53157
When STP is disabled on the stack, the Hot Standby Router Protocol (HSRP) hello packets now pass
through the switch stack when the stack is connected to two routers through cross-stack
EtherChannels.
• CSCsq2687
The server no longer attempts re-authentication every ten minutes when a switch is configured with
the dot1x timeout reauth-period server interface configuration command.
• CSCsq67398
Traffic is now forwarded to the interfaces that are configured with static multicast MAC addresses
after the switch is reloaded.
Note: You cannot configure the static MAC address (unicast or multicast) entries on EtherChannel
member interfaces, or add an interface into the EtherChannel if that interface is associated with
a static MAC address entry.
• CSCsq89564
If the switch uses 802.1x authentication with VLAN assignment, it no longer uses the VLAN
assignment with different authorization attempts, such as user authentication or re-authentication.
• CSCsr29468
Cisco IOS software contains a vulnerability in multiple features that could allow an attacker to cause
a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP
packets can cause the vulnerable device to reload.










