Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
495
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(8c)
Workaround: Enter into configuration mode and change the order of the servers under the server
group.
group.
•
CSCsg03830
Symptoms: The tacacs-server directed-request command appears in the running configuration
when is should be disabled. When you disable the command by entering no tacacs-server
directed-request and reload the router, the command appears to be enabled once more.
when is should be disabled. When you disable the command by entering no tacacs-server
directed-request and reload the router, the command appears to be enabled once more.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that
integrates the fix for CSCsa45148, which disables the tacacs-server directed-request command by
default.
integrates the fix for CSCsa45148, which disables the tacacs-server directed-request command by
default.
A list of the affected releases can be found at
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa45148. Cisco IOS
software releases that are not listed in the “First Fixed-in Version” field at this location are not
affected.
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsa45148. Cisco IOS
software releases that are not listed in the “First Fixed-in Version” field at this location are not
affected.
Temporary Workaround: Each time after you have reloaded the router, disable the command by
entering no tacacs-server directed-request.
entering no tacacs-server directed-request.
Miscellaneous
•
CSCek55511
Symptoms: A Cisco AS5400HPX that is running Cisco IOS Release 12.3(11)T7 may crash with
IO Memory corruption.
IO Memory corruption.
Conditions: The crash may occur when polling for ccrpCPVGEntry, and resource pooling is enabled
on the Gateway.
on the Gateway.
Workaround: Disable SNMP polling for ccrpCPVGEntry.
•
CSCsd50476
Symptoms: A serial link goes down.
Conditions: This symptom occurs when a T1/E1 controller that is configured with channel-group
causes the serial link to go down. The CEM interface will not come up.
causes the serial link to go down. The CEM interface will not come up.
Workaround: There is no workaround.
•
CSCsd92405
Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In
order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL
protocol exchange with the vulnerable device.
order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL
protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker will not be able to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
–
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
–
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Cisco has made free software available to address these vulnerabilities for affected customers. There
are workarounds available to mitigate the effects of these vulnerabilities.
are workarounds available to mitigate the effects of these vulnerabilities.