Cisco Cisco IOS Software Release 12.4(23) Notas de publicación
944
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(1)
IP Routing Protocols
•
CSCef11304
Symptoms: When performing a snmpwalk on OSPF-MIB that supports the ospfExtLsdbTable, a
router can crash. In other instances alignment errors are observed when you enter the show
alignment command.
router can crash. In other instances alignment errors are observed when you enter the show
alignment command.
Conditions: These symptoms are observed on a Cisco platform that runs Open Shortest Path First
(OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.
(OSPF) and supports the ospfExtLsdbTable in OSPF-MIB.
Workaround: There is no workaround.
•
CSCef33035
Symptoms: A router may crash and reload and generate the following error message:
TLB (load or instruction fetch) exception, CPU signal 10, PC = 0x609EE524
Conditions: This symptom is observed on a router that runs OSPF and that is configured with
incremental SPF (ISPF).
incremental SPF (ISPF).
Workaround: Disable ISPF by entering the no ispf router configuration command.
•
CSCef60452
Symptoms: A router may stop receiving multicast traffic.
Conditions: This symptom is observed rarely during convergence when a router receives a Join
message on an RPF interface and when a downstream router converges faster than the first router
that receives the Join message.
message on an RPF interface and when a downstream router converges faster than the first router
that receives the Join message.
In this situation, the router does not populate the RPF interface into the OIL (that is, the OIL remains
null) because the old SP-tree has already been pruned by the downstream router. When the RPF
interface of the router changes to the new path later, it does not trigger a Join message toward the
multicast source until the router receives a next periodic Join message from the downstream router
and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic
Join message interval.
null) because the old SP-tree has already been pruned by the downstream router. When the RPF
interface of the router changes to the new path later, it does not trigger a Join message toward the
multicast source until the router receives a next periodic Join message from the downstream router
and populates the OIL. As a result, multicast traffic stops temporarily but no longer than the periodic
Join message interval.
Workaround: There is no workaround.
•
CSCef60659
A document that describes how the Internet Control Message Protocol (ICMP) could be used to
perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol
(TCP) has been made publicly available. This document has been published through the Internet
Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP”
(draft-gont-tcpm-icmp-attacks-03.txt).
perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol
(TCP) has been made publicly available. This document has been published through the Internet
Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks Against TCP”
(draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1.
Attacks that use ICMP “hard” error messages
2.
Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3.
Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.