Примечания к выпуску для Cisco Cisco IOS Software Release 12.2
363
Caveats for Cisco IOS Release 12.2
OL-3513-16 Rev. G0
Resolved Caveats—Cisco IOS Release 12.2(12i); Basic System Services
•
Conditions
:
The conditions under which the caveat has been known to occur.
•
Workaround
:
Solutions, if available, to counteract the caveat.
Basic System Services
•
CSCed44414
Symptoms: When the slave RSP crashes, a QAERROR is observed in the master console, resulting
in a cbus complex. The cbus complex will reload all the VIPs in the router.
in a cbus complex. The cbus complex will reload all the VIPs in the router.
Conditions: This symptom happens when the slave crashes in a period when there is a large number
of packets going towards the RSP. A large number of packets go to the RSP when CEF switching is
configured or when routing protocol updates are numerous.
of packets going towards the RSP. A large number of packets go to the RSP when CEF switching is
configured or when routing protocol updates are numerous.
Workaround: There is no workaround.
Miscellaneous
•
CSCed45746
Symptoms: Several prefixes for non-redistributed connected interfaces in different VRFs may be
partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these
VRFs.
partially bound to the same MPLS-VPN label, thus disrupting traffic bound to one or more of these
VRFs.
Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS
Release 12.2(6f)M1 and Release 12.2(12f). The symptom appears after flapping on the VRF
interfaces.
Release 12.2(6f)M1 and Release 12.2(12f). The symptom appears after flapping on the VRF
interfaces.
Workaround: Clear the routes in the VRFs in sequence.
•
CSCed27956
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at
and it describes this
vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
software is available at