Cisco IOS Software Release 12.0 S Release Notes
Cross-Platform Release Notes for Cisco IOS Release 12.0S
OL-1617-14 Rev. Q0
Resolved Caveats—Cisco IOS Release 12.0(19)S1
Workaround: Manually change the configuration.
• CSCds81716
On a Versatile Interface Processor (VIP) console, a spurious memory access trace message may be
displayed when the serial interface comes up. There is no workaround.
• CSCdt96253
Three different Cisco product lines are susceptible to multiple vulnerabilities in the Secure Shell
(SSH) protocol. These issues are inherent to the SSH protocol version 1.5, which is implemented in
several Cisco product lines.
By exploiting the weakness in the SSH protocol, it is possible to insert an arbitrary command into
an established SSH session, collect information that may help in brute force key recovery, or brute
force a session key.
The affected product lines are as follows:
– All devices, including routers and switches, running Cisco IOS software supporting SSH
– Catalyst 6000 switches running CatOS
– Cisco PIX Firewall
No other Cisco products are vulnerable.
It is possible to mitigate this vulnerability by preventing, or having control over, interception of
SSH traffic. See the advisory at the following URL:
• CSCdu05363
Selective packet discard (SPD) does not function on Gigabit Ethernet line cards (Engine 1 and
Engine 2) and Fast Ethernet line cards that are installed in a Cisco 12000 series Internet router.
Workaround: Increase the input hold queue to store the excess packets.
• CSCdu35175
Six vulnerabilities involving the access control list (ACL) have been discovered in multiple releases
of Cisco IOS software for the Cisco 12000 series Internet router. Not all vulnerabilities are present
in all Cisco IOS releases, and only line cards based on the Engine 2 are affected by them. No other
Cisco product is vulnerable.
The workarounds are described in the “Workarounds” section of the advisory that is available at the
following URL:
http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Workaround: Use the shut command followed by the no shut command to flap the interface.
• CSCdu81007
The Cisco Express Forwarding (CEF) table is not updated properly when the IP address of an
interface changes. The new IP address is added to the CEF table but the old one is not removed. If
subinterfaces are used, the old ones remain in the CEF table even after the subinterfaces are
removed.
Workaround: When you issue the shut command on the subinterface before changing the address,
the IP address is correctly deleted from the CEF tables.