Cisco Cisco Aironet 1200 Access Point
22
Release Notes for Cisco Aironet 350, 1100, 1130AG, 1200, and 1230AG Series Access Points for Cisco IOS Release 12.3(2)JA6
OL-10201-01
Caveats
Resolved Caveats in Cisco IOS Release 12.3(2)JA5
The following caveat is resolved in Cisco IOS Release 12.3(2)JA5:
•
CSCei61732
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
vulnerability. Cisco has included additional integrity checks in its software, as further described
below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected
customers.
customers.
This advisory is posted at
•
CSCei76358—Through normal software maintenance processes, Cisco is removing depreciated
functionality. These changes have no impact on system operation or feature availability.
functionality. These changes have no impact on system operation or feature availability.
Resolved Caveats in Cisco IOS Release 12.3(2)JA2
These caveats are resolved in Cisco IOS Release 12.3(2)JA2:
•
CSCea72719—An access point configured as the WDS device no longer uses up all UDP ports for
RADIUS accounting.
RADIUS accounting.
•
CSCeb50727—Unpowered 1100 series access points manufactured after January, 2004 no longer
cause a loopback when connected to switches without loopback detection.
cause a loopback when connected to switches without loopback detection.
If your 1100 series access point was manufactured before January, 2004, the access point might
cause a loopback when the power is off and it is connected to a switch without loopback detection.
To avoid this problem, make sure loopback detection is enabled on the switch to which the access
point is connected. If your switch does not have loopback detection, disconnect the access point
from the switch when the access point power is off.
cause a loopback when the power is off and it is connected to a switch without loopback detection.
To avoid this problem, make sure loopback detection is enabled on the switch to which the access
point is connected. If your switch does not have loopback detection, disconnect the access point
from the switch when the access point power is off.
•
CSCee51985—Access points now correctly apply QoS priorities to DSCP-tagged packets.
•
CSCee90230—When the access point is configured for TACACS+ administrator authentication and
uses an IP address from the DHCP server, tracebacks no longer occur when the access point reboots.
uses an IP address from the DHCP server, tracebacks no longer occur when the access point reboots.
•
CSCef60659—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.