Cisco Cisco IOS Software Release 12.2

Workaround: Disable the ip http secure server command. 

CSCsj18014

Symptoms: A caller ID may be received with extra characters.

Conditions: This symptom is observed when caller ID is enabled on both routers and when the 
station ID and station name are configured on the FXS side.

Workaround: There is no workaround. 

CSCek37177

The Cisco IOS Transmission Control Protocol (TCP) listener in certain versions of Cisco IOS 
software is vulnerable to a remotely-exploitable memory leak that may lead to a denial of service 
condition.

This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the 
Cisco IOS device will not trigger this vulnerability.

Cisco has made free software available to address this vulnerability for affected customers.

This issue is documented as Cisco bug ID CSCek37177

There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at: 

CSCse05736

Symptoms: A router that is running RCP can be reloaded by a specific packet.

Conditions: This symptom is seen under the following conditions:

The router must have RCP enabled.

The packet must come from the source address of the designated system configured to send RCP 
packets to the router.

The packet must have a specific data content.

Workaround: Put access lists on the edge of your network blocking RCP packets to prevent spoofed 
RSH packets. Use another protocol such as SCP. Use VTY ACLs. 

Cisco IOS Release 12.2(29a) is a rebuild release for Cisco IOS Release 12.2(29). The caveats in this 
section are resolved in Cisco IOS Release 12.2(29a) but may be open in previous Cisco IOS releases.

The following information is provided for each caveat: