Cisco IOS Software Release 12.2(15)ZN
Release Notes for the Cisco 1700 Series Routers for Cisco IOS Release 12.2(15)ZN
OL-4281-01
Caveats
Caveats describe unexpected behavior or defects in the Cisco IOS software releases. Severity 1 caveats
are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the
least serious of these three severity levels.
Caveats in Cisco IOS Release 12.2(15)T are also in Release 12.2(15)ZN1. For information on caveats in
Cisco IOS Release 12.2(15)T, refer to the
document. For
information on caveats in Cisco IOS Release 12.2, refer to the
document. These documents list severity 1 and 2 caveats; the documents are located on Cisco.com and
the Documentation CD.
Note
If you have an account with Cisco.com, you can also use the Bug Toolkit to find select caveats of any
severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Technical
Assistance Center: Tool Index: Bug Toolkit. Another option is to go to
.
Resolved Caveats for Release 12.2(15)ZN
The following sections list the resolved caveats for the Cisco IOS Release 12.2(15)ZN.
• CSCdu53656
A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a
Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by
default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the
malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject
a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at
.
• CSCdv59309
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point
Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of
the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The
second vulnerability may consume all interface descriptor blocks on the affected device because
those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly
exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at
• CSCea22552
The GRE implementation in Cisco IOS is compliant with RFC 2784 and RFC 2890 and backward
compatible with RFC 1701.
For RFC compliance, this DDTS adds a check for bits 4-5 (bit 0 being the most significant) of the GRE
header.
This issue does not cause any problem for router operation.
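The bit check described for CSCea22552, sketched as a receiver-side GRE header parser. This is an added example, not Cisco code: it assumes the check means discarding a packet with bit 4 or 5 set, which is what RFC 2784 requires of a receiver that does not implement RFC 1701, and every name and sample value in it is constructed for illustration.

```python
import struct

# Flag masks for the first 16-bit word of the GRE header; bit 0 is the MSB.
C_BIT = 0x8000     # bit 0: Checksum Present (RFC 2784)
R_BIT = 0x4000     # bit 1: Routing Present (RFC 1701 only)
K_BIT = 0x2000     # bit 2: Key Present (RFC 2890)
S_BIT = 0x1000     # bit 3: Sequence Number Present (RFC 2890)
BITS_4_5 = 0x0C00  # bit 4 (RFC 1701 strict source route) and bit 5 (top Recur bit)
VER_MASK = 0x0007  # bits 13-15: version, 0 for RFC 2784 GRE


class GREError(ValueError):
    """Header that this receiver discards."""


def parse_gre(packet: bytes) -> dict:
    """Parse an RFC 2784/2890 GRE header; raise GREError if it must be dropped."""
    if len(packet) < 4:
        raise GREError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", packet, 0)
    if flags & BITS_4_5:  # assumed behaviour of the check: discard
        raise GREError("bits 4-5 of the GRE header must be zero")
    if flags & R_BIT:
        raise GREError("RFC 1701 routing fields are not handled here")
    if flags & VER_MASK:
        raise GREError("not a version 0 GRE header")
    hdr = {"protocol": proto, "checksum": None, "key": None, "sequence": None}
    offset = 4
    # Optional 4-byte fields appear in this order when their flag is set.
    optional = ((C_BIT, "checksum", "!H2x"), (K_BIT, "key", "!I"),
                (S_BIT, "sequence", "!I"))
    for mask, name, fmt in optional:
        if flags & mask:
            if len(packet) < offset + 4:
                raise GREError(f"truncated {name} field")
            (hdr[name],) = struct.unpack_from(fmt, packet, offset)
            offset += 4
    hdr["payload"] = packet[offset:]
    return hdr


def discarded(packet: bytes) -> bool:
    """True when parse_gre rejects the packet."""
    try:
        parse_gre(packet)
    except GREError:
        return True
    return False
```

Checking the flag word before computing any field offsets keeps a header in the older RFC 1701 layout from being read with RFC 2784 offsets.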