Примечания к выпуску для Cisco Cisco IOS Software Release 12.4(4)T
1182
Caveats for Cisco IOS Release 12.4T
OL-8003-09 Rev. Z0
Resolved Caveats—Cisco IOS Release 12.4(6)T11
•
Symptoms—A description of what is observed when the caveat occurs.
•
Conditions—The conditions under which the caveat has been known to occur.
•
Workaround—Solutions, if available, to counteract the caveat.
IP Routing Protocols
•
CSCee72997
Cisco IOS devices that are configured for Internet Key Exchange (IKE) protocol and certificate
based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1 security associations (SA) and
prevent the establishment of new IPsec sessions. Cisco has released free software updates that
address this vulnerability. This advisory is posted at
based authentication are vulnerable to a resource exhaustion attack. Successful exploitation of this
vulnerability may result in the allocation of all available Phase 1 security associations (SA) and
prevent the establishment of new IPsec sessions. Cisco has released free software updates that
address this vulnerability. This advisory is posted at
•
CSCek76776
Symptoms: The configuration of a deleted subinterface may show up on a new subinterface and may
cause a traffic outage.
cause a traffic outage.
Conditions: This symptom is observed on a Cisco router that has IP interface commands enabled
when a script adds and deletes ATM subinterfaces on a regular basis.
when a script adds and deletes ATM subinterfaces on a regular basis.
Workaround: Verify the subinterface configuration. When the configuration of a subinterface cannot
be deleted, delete the subinterface, and then create a dummy subinterface that will pull the
configuration that could not be deleted. Then re-create the first subinterface with a new
configuration.
be deleted, delete the subinterface, and then create a dummy subinterface that will pull the
configuration that could not be deleted. Then re-create the first subinterface with a new
configuration.
•
CSCsi17020
A series of segmented Skinny Call Control Protocol (SCCP) messages may cause a Cisco IOS device
that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support
feature to reload.
that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support
feature to reload.
Cisco has released free software updates that address this vulnerability. A workaround that mitigates
this vulnerability is available.
this vulnerability is available.
This advisory is posted at
.
•
CSCsi68963
Symptoms: A Cisco 7200P router crashes while removing an IPv6 Protocol Independent Multicast
(PIM) bootstrap router (BSR) candidate from the configuration.
(PIM) bootstrap router (BSR) candidate from the configuration.
Conditions: This symptom is observed when an IPv6 PIM BSR candidate is unconfigured.
Workaround: There is no workaround.
Further Problem Description: After RP information is learned on all of the routers, delete the ACL
first and then the BSR candidate.
first and then the BSR candidate.
•
CSCsj85065
A Cisco IOS device may crash while processing an SSL packet. This can happen during the
termination of an SSL-based session. The offending packet is not malformed and is normally
received as part of the packet exchange.
termination of an SSL-based session. The offending packet is not malformed and is normally
received as part of the packet exchange.
Cisco has released free software updates that address this vulnerability.
Aside from disabling affected services, there are no available workarounds to mitigate an exploit of
this vulnerability.
this vulnerability.