Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
783
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(3g)
Conditions: This symptom is observed on a Cisco 2600 series when you attempt to run the
c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other
releases.
c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other
releases.
Workaround: There is no workaround.
TCP/IP Host-Mode Services
•
CSCse05736
Symptoms: A router that is running RCP can be reloaded by a specific packet.
Conditions: This symptom is seen under the following conditions:
–
The router must have RCP enabled.
–
The packet must come from the source address of the designated system configured to send RCP
packets to the router.
packets to the router.
–
The packet must have a specific data content.
Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed
RSH packets. Use another protocol such as SCP. Use VTY ACLs.
RSH packets. Use another protocol such as SCP. Use VTY ACLs.
Resolved Caveats—Cisco IOS Release 12.4(3g)
Cisco IOS Release 12.4(3g) is a rebuild release for Cisco IOS Release 12.4(3). The caveats in this
section are resolved in Cisco IOS Release 12.4(3g) but may be open in previous Cisco IOS releases.
section are resolved in Cisco IOS Release 12.4(3g) but may be open in previous Cisco IOS releases.
Basic System Services
•
CSCej30903
Symptoms: A router allows logging into the root (or any other configured) view without prompting
for a password.
for a password.
Conditions: This symptom is observed when no method list is configured for login service.
Workaround: Configure a method list for the login service.
•
CSCsa43465
Symptom: Users under specified conditions may be able to access privilege level 15 without
entering a password.
entering a password.
Conditions: In Cisco IOS Release 12.3(7)T and later, which support Role-Based CLI Access, the
use of the none keyword in the default login method list may allow users to enter root view mode
(privilege level 15) without entering a password.
use of the none keyword in the default login method list may allow users to enter root view mode
(privilege level 15) without entering a password.
Example, if the customer configures:
aaa authentication login default group tacacs+ none
If the TACACS+ server is down, users are allowed to enter non-privileged mode. However, they can
also enable into root view access through the enable view command without having to enter a
password.
also enable into root view access through the enable view command without having to enter a
password.
Workaround: The resolution of the DDTS puts authentication of the enable view command to the
default enable method list.
default enable method list.