Cisco Cisco IOS Software Release 12.4(4)T
1184
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(6)T10
Workaround: There is no workaround.
•
CSCsk62253
Cisco IOS software contains two vulnerabilities within the Cisco IOS WebVPN or Cisco IOS
SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial
of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN
features:
SSLVPN feature (SSLVPN) that can be remotely exploited without authentication to cause a denial
of service condition. Both vulnerabilities affect both Cisco IOS WebVPN and Cisco IOS SSLVPN
features:
1.
Crafted HTTPS packet will crash device - Cisco Bug ID CSCsk62253.
2.
SSLVPN sessions cause a memory leak in the device - Cisco Bug ID CSCsw24700.
Cisco has released free software updates that address these vulnerabilities. There are no
workarounds that mitigate these vulnerabilities. This advisory is posted at the following link:
workarounds that mitigate these vulnerabilities. This advisory is posted at the following link:
•
CSCsk70446
Cisco IOS emits the %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever
it detects an inconsistency in its internal data structures.
it detects an inconsistency in its internal data structures.
A traceback appears after the error message. This traceback is encountered with long URLs.
It is important to note that this error message does not imply that packet data is corrupted. However,
it does provide an early indicator of other conditions that can eventually lead to poor system
performance or a Cisco IOS restart.
it does provide an early indicator of other conditions that can eventually lead to poor system
performance or a Cisco IOS restart.
IP Routing Protocols
•
CSCsh84102
Symptoms: The following symptoms may occur:
- Some DMVPN spokes become unreachable and a loop appears in a traceroute.
- When you enter the show adjacency details command on the hub, the output shows that the
adjacency rewrite information for a problematic spoke is the same as for another spoke.
adjacency rewrite information for a problematic spoke is the same as for another spoke.
- There is an inconsistency between the NHRP cache and the adjacency for the problematic spoke.
Conditions: These symptoms are observed in a DMVPN configuration when the hub has CEF
enabled.
enabled.
Workaround: Disable CEF on the hub.
•
CSCsj09838
Symptoms: When the BGP session between a Route Reflector (RR) and PE router flaps, the RR may
no longer send some routes to the PE router.
no longer send some routes to the PE router.
Conditions: This symptom is observed on a Cisco router that runs a Cisco IOS software image that
integrates the fix for caveat CSCsi85222. A list of the affected releases can be found at
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi85222. Cisco IOS software
releases that are not listed in the “First Fixed-in Version” field at this location are not affected.
integrates the fix for caveat CSCsi85222. A list of the affected releases can be found at
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCsi85222. Cisco IOS software
releases that are not listed in the “First Fixed-in Version” field at this location are not affected.
Workaround: There is no workaround to prevent the symptom from occurring. When the symptom
has occurred, enter the clear ip bgp * all in command on the PE router to retrieve all routes from
the RR.
has occurred, enter the clear ip bgp * all in command on the PE router to retrieve all routes from
the RR.