Cisco Cisco Aironet 1310 Access Point Bridge
13
Release Notes for Cisco Aironet 1300 Series Outdoor Access Point/Bridge for Cisco IOS Release 12.3(4)JA1
OL-8216-01
Caveats
Resolved Caveats in Cisco IOS Release 12.3(4)JA1
The following caveat is resolved in Cisco IOS Release 12.3(4)JA1:
•
CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected
customers.
customers.
This advisory is posted at
•
CSCei76358—Through normal software maintenance processes, Cisco is removing depreciated
functionality. These changes have no impact on system operation or feature availability.
functionality. These changes have no impact on system operation or feature availability.
Resolved Caveats in Cisco IOS Release 12.3(4)JA
These caveats are resolved in Cisco IOS Release 12.3(4)JA for the access point/bridge:
•
CSCee90230—Traceback no longer occurs at reboot when access point is configured for TACACS+
administrator authentication.
administrator authentication.
•
CSCeb82510—You can now configure authentication, authorization, and accounting (AAA)
methods for telnet and HTTP independent of the console.
methods for telnet and HTTP independent of the console.
•
CSCec12884—The AAA user command authorization no longer fails through HTTP access.
•
CSCee42617—Users are now correctly authenticated through the RADIUS server, and accounting
information is sent to the RADIUS server.
information is sent to the RADIUS server.
•
CSCee87287—Access points no longer fail to generate accounting records when a wireless client is
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
•
CSCef11167—Response value of 4294967292 when polling Dot11ActiveWireless Clients via
SNMP no longer occurs.
SNMP no longer occurs.
•
CSCef45010—The GUI now performs normally when half duplex and a specified speed are part of
its configuration.
its configuration.
•
CSCef60659—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages. 2. Attacks that use ICMP “fragmentation needed
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.