Cisco Cisco IOS Software Release 12.4(4)T Notas de publicación
1287
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(4)T6
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There
are workarounds available to mitigate the effects of these vulnerabilities.
are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at
.
Note
Another related advisory has been posted with this advisory. This additional advisory also
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is
available at the following link:
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is
available at the following link:
.
A combined software table for Cisco IOS is available to aid customers in choosing a software
releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is
available at the following link:
releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is
available at the following link:
Resolved Caveats—Cisco IOS Release 12.4(4)T6
Cisco IOS Release 12.4(4)T6 is a rebuild release for Cisco IOS Release 12.4(4)T. The caveats in this
section are resolved in Cisco IOS Release 12.4(4)T6 but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.4(4)T6 but may be open in previous Cisco IOS releases.
The following information is provided for each caveat:
•
Symptoms—A description of what is observed when the caveat occurs.
•
Conditions—The conditions under which the caveat has been known to occur.
•
Workaround—Solutions, if available, to counteract the caveat.
Miscellaneous
•
CSCse92359
Symptoms: The FXS ports on a Cisco IAD2400 IAD and a Cisco VG224 gateway delivers lower
than advertised idle voltage, close to -37 volts. This is observed with the idle voltage high command
already configured under the voice port.
than advertised idle voltage, close to -37 volts. This is observed with the idle voltage high command
already configured under the voice port.
Conditions: This symptom has been observed on a Cisco IAD2431 IAD with an Eight FXS Analog
Voice Module V2.1 and with a Cisco VG224 gateway which has an onboard FXS version 2.1.
Voice Module V2.1 and with a Cisco VG224 gateway which has an onboard FXS version 2.1.
Workaround: Use an FXS port with an earlier chip revision, such as version 1.3, and configure
alt-battery-feed feed2 command under the FXS voice ports.
alt-battery-feed feed2 command under the FXS voice ports.