Cisco Cisco IOS Software Release 12.4(2)XB6
11
Release Notes for the Cisco 1800 Series Fixed Routers for Cisco IOS Release 12.4(2)XA
OL-9451-01
Caveats
Symptoms: The maximum cef or fast switching capacity of PPPoE encapsulated packets on the
Cisco 181x platform can be significantly lower than for other encapsulations. This issue is typically
only noticed however under fairly extreme test conditions.
Cisco 181x platform can be significantly lower than for other encapsulations. This issue is typically
only noticed however under fairly extreme test conditions.
Conditions: This problem occurs when the following symptoms are present:
–
High traffic rate cef or fast switching on Cisco 181x platform
–
PPPoE encapsulation
Workaround: There is no workaround.
•
CSCsc25964: PPPoE dialer CEF VAI adjacency does not honor dialer ip mtu
Symptoms: A PPPoE client router does not honor the ip mtu command settings whey they are
configured on the PPPoE dialer interface when the IP MTU is different from the interface MTU.
configured on the PPPoE dialer interface when the IP MTU is different from the interface MTU.
Fragmentation of IP packets larger than the configured IP MTU will not happen, which can create
problems in a PPPoE environment.
problems in a PPPoE environment.
Conditions: This symptom occurs whenever a v-access is cloned from the dialer interface and could
be PPPoE, multilink or PPPoA.
be PPPoE, multilink or PPPoA.
Workaround: Configure the interface mtu command to the required value.
Open Caveats - Cisco IOS Release 12.4(2)XA1
There are no open caveats in this release.
Resolved Caveats - Cisco IOS Release 12.4(2)XA
This section documents possible unexpected behavior by Cisco IOS Release 12.4(2)XA and describes
only severity 1 and 2 caveats and selected severity 3 caveats.
only severity 1 and 2 caveats and selected severity 3 caveats.
•
CSCed27956: TCP checks should verify ack sequence number.
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at
and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
software is available at
.