Cisco Cisco IOS Software Release 12.4(2)XB6

This sections contains the following information:

There are no open caveats in this release.

CSCsh12480

Cisco IOS software configured for Cisco IOS firewall Application Inspection Control (AIC) with a 
HTTP configured application-specific policy are vulnerable to a Denial of Service when processing 
a specific malformed HTTP transit packet. Successful exploitation of the vulnerability may result in 
a reload of the affected device.

Cisco has released free software updates that address this vulnerability.

A mitigation for this vulnerability is available. See the “Workarounds” section of the advisory for 
details.

This advisory is posted at 

http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml

.

CSCsg91306

Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS 
that can be exploited remotely to trigger a memory leak or to cause a reload of the Cisco IOS device.

Cisco has released free software updates that address these vulnerabilities. Fixed Cisco IOS 
software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities 
addressed in this advisory. 

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from 
disabling the protocol or feature itself, if administrators do not require the Cisco IOS device to 
provide voice over IP services. 

This advisory is posted at 

There are no open caveats in this release.

CSCec12299