Cisco IOS Software Release 12.4(4)T Release Notes
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(4)T
IP Routing Protocols
• CSCin95836
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that
can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN)
feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation
(GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This
vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and
CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
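Because NHRP is off unless configured, the first triage step for CSCin95836 is finding which interfaces carry NHRP configuration. The following is an added example, not part of the Cisco release notes: it scans saved running-config text for interfaces with an `ip nhrp` command and reports whether each is an mGRE tunnel, another tunnel, or a non-tunnel interface. The function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not taken from the release notes).
SAMPLE_CONFIG = """\
interface Tunnel0
 ip address 10.0.0.1 255.255.255.0
 ip nhrp network-id 1
 tunnel source FastEthernet0/0
 tunnel mode gre multipoint
!
interface Tunnel1
 ip address 10.0.1.1 255.255.255.252
 ip nhrp network-id 2
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.10
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
interface Serial0/0
 shutdown
 ip nhrp network-id 3
!
"""

def nhrp_interfaces(config):
    """Return {interface: info} for every interface carrying an `ip nhrp` command."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a new top-level command ends the block
    report = {}
    for name, cmds in blocks.items():
        if not any(c.startswith("ip nhrp ") for c in cmds):
            continue  # no `ip nhrp` line: NHRP is not enabled on this interface
        if name.lower().startswith("tunnel"):
            mode = "mGRE tunnel" if "tunnel mode gre multipoint" in cmds else "point-to-point tunnel"
        else:
            mode = "non-tunnel interface"
        report[name] = {"mode": mode, "shutdown": "shutdown" in cmds}
    return report

if __name__ == "__main__":
    for name, info in nhrp_interfaces(SAMPLE_CONFIG).items():
        print(name, info)
```

An empty result means no interface in the supplied configuration has NHRP configured; any listed interface puts the device in scope for the fixed software.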
Miscellaneous
• CSCed94829
Multiple Cisco products contain vulnerabilities in the processing of IPSec IKE (Internet Key
Exchange) messages. These vulnerabilities were identified by the University of Oulu Secure
Programming Group (OUSPG) “PROTOS” Test Suite for IPSec and can be repeatedly exploited to
produce a denial of service.
Cisco has made free software available to address this vulnerability for affected customers. Prior to
deploying software, customers should consult their maintenance provider or check the software for
feature set compatibility and known issues specific to their environment.
This advisory is posted at
.
• CSCeh35254
Symptoms: A dynamically applied policy map may become detached from a VC.
Conditions: This symptom is observed when you change the queue depth for the VC class and apply
the new configuration to the VC while a session is active.
Workaround: There is no workaround.
• CSCeh61857
Symptoms: You may not be able to configure anything under a non-DOT11 subinterface, not even
the IP address.
Conditions: This symptom is observed on Cisco 870 series, Cisco 2800 series, and
Cisco 3800 series, but may also affect other routers.
Workaround: There is no workaround.