Cisco Cisco IOS Software Release 12.4(23)
822
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(3a)
IP Routing Protocols
•
CSCei06089
Symptoms: Conditional advertisement of the default route via a route map does not work when you
enter the neighbor default-originate command.
enter the neighbor default-originate command.
Conditions: This symptom is observed on a Cisco router that is configured for BGP.
Workaround: Disable the route map entirely. If this is not an option, there is no workaround.
•
CSCsb13988
Symptoms: A router that is configured for NAT may crash because of a bus error.
Conditions: This symptom is observed on a Cisco 7206VXR that runs Cisco IOS Release 12.3(9a)
but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an
H.323 RAS messages that does not contain an IP address.
but is not platform-specific. The crash occurs while NAT attempts to translate an IP address in an
H.323 RAS messages that does not contain an IP address.
Workaround: Disable H.323 RAS in NAT by entering the no ip nat service ras command. If you
must use H.323 RAS in NAT, there is no workaround.
must use H.323 RAS in NAT, there is no workaround.
Miscellaneous
•
CSCeh63526
Symptoms: A router crashes at the insp_inspection function.
Conditions: This symptom is observed when the inspection rule is removed and re-added to an
interface while traffic passes through the interface.
interface while traffic passes through the interface.
Workaround: There is no workaround.
•
CSCei37299
Symptoms: A VPN hub router may reload when you enter the clear crypto session remote
ip-address command.
ip-address command.
Conditions: This symptom is observed after a remote peer disconnects ungracefully (that is, the peer
is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN
hub router with a different public address.
is suddenly powered-off or the LAN cable is disconnected) and immediately reconnects to the VPN
hub router with a different public address.
Workaround: Do not enter the clear crypto session remote ip-address command. Rather, enter the
clear crypto sa command.
clear crypto sa command.
•
CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected
customers.
customers.
This advisory is posted at
•
CSCei79855
Symptoms: When Cisco IOS software is secured using “secure boot” commands and after
formatting the disk, the show disk command will not display the secured image and the
corresponding configurations in the output.
formatting the disk, the show disk command will not display the secured image and the
corresponding configurations in the output.
Conditions: This symptom occurs when securing the Cisco IOS software using the secure
boot-config and the secure boot- image commands and formatting the disk.
boot-config and the secure boot- image commands and formatting the disk.