Cisco Cisco Gigabit Ethernet Switch Module (CGESM) for HP
Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(44)SE and Later
464831-006
Resolved Caveats
• CSCsr29468
Cisco IOS software contains a vulnerability in multiple features that could allow an attacker to cause
a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP
packets can cause the vulnerable device to reload.
Cisco has released free software updates that address this vulnerability.
Several mitigation strategies are outlined in the workarounds section of this advisory.
This advisory is posted at
• CSCsk64158
Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet
vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked
input queue on the inbound interface. Only crafted UDP packets destined for the device could result
in the interface being blocked; transit traffic will not block the interface.
Cisco has released free software updates that address this vulnerability.
Workarounds that mitigate this vulnerability are available in the workarounds section of the
advisory. This advisory is posted at the following link:
• CSCso75640
When MAC authentication bypass (MAB) authentication fails, a memory leak no longer occurs.
• CSCsq89564
When a VLAN is assigned for IEEE 802.1x authentication and no VLAN is assigned for other types
of authentication (such as user authentication or reauthentication), the 802.1x VLAN assignment no
longer persists across subsequent authentication attempts.
• CSCsr54797
When the switch uses HTTP (web-based) authentication, a memory leak no longer occurs after
authorization and policy download.
• CSCsx42798
A switch no longer displays processor memory-allocation failure messages under these conditions:
– The switch is running IOS release 12.2(44)SE4 or 12.2(44)SE5.
– Authentication, authorization, and accounting (AAA) is configured on the switch.
– Memory in the primary processor pool is depleted.
Note
If the hardware configuration is not a switch stack, AAA requests might fail and the switch might
experience high CPU usage for the authentication manager process. In addition, if the hardware
configuration is a switch stack and 802.1x, web authentication, or MAC address bypass (MAB)
are configured, the switch software might reload after reporting the memory-allocation failure.
This is resolved in Cisco IOS 12.2(44)SE6 and later.