Cisco Cisco IOS Software Release 12.4(2)XB6
Release Notes for Cisco 2691 and Cisco 2600XM Series Routers with Cisco IOS Release 12.4(11)XJ
OL-12255-02
Caveats
Resolved Caveats - Cisco IOS Release 12.4(11)XJ6
CSCsh12480
Cisco IOS software configured for Cisco IOS firewall Application Inspection Control (AIC) with an
HTTP configured application-specific policy is vulnerable to a Denial of Service when processing
a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in
a reload of the affected device.
Cisco has released free software updates that address this vulnerability.
A mitigation for this vulnerability is available. See the “Workarounds” section of the advisory for
details.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml.
CSCsg91306
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS
that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.
Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS
software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities
addressed in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from
disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to
provide voice over IP services.
This advisory is posted at
.
Open Caveats - Cisco IOS Release 12.4(11)XJ4
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(11)XJ4
CSCse56501
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be
subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the
device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP)
services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the
device. Packets that are routed through the router cannot trigger this vulnerability. Successful
exploitation will prevent the interface from receiving any additional traffic. The only exception is
the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash.
Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate
the effects of the vulnerability.
This advisory is posted at