Cisco IOS Software Release 12.4(23) Release Notes
Caveats for Cisco IOS Release 12.4
OL-7656-15 Rev. J0
Resolved Caveats—Cisco IOS Release 12.4(10c)
Workaround: Apply the outbound ACL on the protected LAN interface instead of on the tunnel
interface.
• CSCsh33430
Symptoms: A traceback may occur in an HSRP function and the platform may reload unexpectedly.
Conditions: This symptom is observed on a Cisco platform that has the HSRP Support for ICMP
Redirects feature enabled and occurs when a learned HSRP group is removed after a resign message
has been received.
Workaround: Disable the Support for ICMP Redirects feature by entering the no standby redirects
global configuration command.
• CSCsh39318
Symptoms: A router may crash when the configured route limit is exceeded. When this situation
occurs, the following error message is generated:
%MROUTE-4-ROUTELIMIT (x1): [int] routes exceeded multicast route-limit of
[dec] - VRF [chars]
Conditions: This symptom is observed on a Cisco 10000 series that is configured for Multicast VPN
but is platform-independent.
Workaround: There is no workaround.
• CSCsh58082
Cisco devices running an affected version of Internetwork Operating System (IOS) which supports
Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the
device when receiving a specific series of packets destined to port 5060. This issue is compounded
by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for
SIP.
There are no known instances of intentional exploitation of this issue. However, Cisco has observed
data streams that appear to be unintentionally triggering the vulnerability.
Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.
This advisory is posted at
.
• CSCsh75827
Symptoms: When a router that has the ssg intercept dhcp command enabled receives a DHCP
packet from a host that has already logged out from a Subscriber Edge Services Manager (SESM),
the router may unexpectedly reload because of a bus error.
Conditions: This symptom is observed on a Cisco router that functions as an SSG with PBHK
enabled, when a host has received an IP address that is associated with a service (via the “J”
Service-Info attribute), has logged out from the SESM, and then renews its IP address.
Workaround: There is no workaround.
• CSCsh92914
Symptoms: A router may unexpectedly reload when you attempt to open a reversed SSH connection
by using the SSHv1 protocol.
Conditions: This condition is observed on a Cisco router that runs Cisco IOS Release 12.4.
Workaround: Force the SSH transport to be SSHv2 by entering the ip ssh version 2 global
configuration command.