Примечания к выпуску для Cisco Cisco Aironet 1310 Access Point Bridge
15
Release Notes for Cisco Aironet 1310 Outdoor Access Point/Bridge for Cisco IOS Release 12.3(2)JA5
OL-8218-01
Caveats
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
CSCef66724—The access point/bridge no longer loses packets due to encryption errors with
WPAv2/PSK and concatenation enabled.
WPAv2/PSK and concatenation enabled.
•
CSCef70234—When the access point is configured to select the least-congested channel at start-up,
the access point now selects the least-congested channel.
the access point now selects the least-congested channel.
•
CSCef71351—When CDP is enabled on a radio interface with VLANs configured, the radio output
drop counter no longer incorrectly increments when the access point sends a CDP packet.
drop counter no longer incorrectly increments when the access point sends a CDP packet.
•
CSCef75475—When an access point reboots and reloads, the reason for the reboot is now included
in the output for the show version command and stack information is included in the output for the
show stack command.
in the output for the show version command and stack information is included in the output for the
show stack command.
•
CSCef87205—Problems with the following SNMP MIB object identifiers in the
CISCO-DOT11-SSID-SECURITY-MIB have been resolved:
CISCO-DOT11-SSID-SECURITY-MIB have been resolved:
–
cdot11SecAuxSsidVlanName
–
cdot11SecSsidInformationElement
–
cdot11SecSsidRedirectFilter
–
cdot11SecAuxSsidWirelessNetId
–
cdot11SecAuxSsidAuthKeyMgmtOpt
–
cdot11SecAuxSsidLoginUsername
–
cdot11SecAuxSsidInfraStruct
–
cdot11SecSsidRedirectDestAddr
–
cdot11SecAuxSsid
–
cdot11SecAuxSsidWpaPsk
–
cdot11SecVlanName
•
CSCef90780—Access points now correctly retrieve a configuration file using TFTP even when the
initial response from the DHCP server is delayed.
initial response from the DHCP server is delayed.
•
CSCef95164—ARP caching no longer disrupts transmission of UDP packets.
•
CSCef95472—Symbol client devices no longer have difficulty communicating with the 802.11b
radio in an access point after being asscoiated for a period of several weeks.
radio in an access point after being asscoiated for a period of several weeks.