Cisco Cisco Catalyst Blade Switch 3020 for HP 發佈版本通知
17
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(25)SEF1 and Later
OL-8918-03
Open Caveats
Resolved Caveats
This sections describes the caveats that have been resolved in these releases:
•
•
Resolved Caveats in Cisco IOS Release 12.2(25)SEF1 and Later
This section describes the caveats that have been resolved in Cisco IOS Release 12.2(25)SEF1 and later.
•
CSCsf04754
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network
Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of
network information or may enable an attacker to perform configuration changes to vulnerable
devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is
impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when
processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of
network information or may enable an attacker to perform configuration changes to vulnerable
devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is
impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the
vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability
Note VU#878044 to these vulnerabilities.
Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to
these vulnerabilities.
these vulnerabilities.
This advisory will be posted at
•
CSCsg70355
Date changes in Daylight Savings Time in 2007 might no longer cause Cisco IOS to generate
timestamps, such as in syslog messages, that are inaccurate by 1 hour.
timestamps, such as in syslog messages, that are inaccurate by 1 hour.
Resolved Caveats in Cisco IOS Release 12.2(25)SEF1
This section describes the caveats that have been resolved in Cisco IOS Release 12.2(25)SEF1.
•
CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in
Cisco Security Advisory: Crafted IP Option Vulnerability:
Cisco Security Advisory: Crafted IP Option Vulnerability:
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS
are not at risk of crash if CSCec71950 has been resolved in the software.
are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml