Table Of Contents
Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E
Current Release Image Names for ATM Modules
Software Releases and Orderable Product Number Matrix
Usage Guidelines and Restrictions
New Features in Release 12.1(27b)E4
New Features in Release 12.1(27b)E3
New Features in Release 12.1(27b)E2
New Features in Release 12.1(27b)E1
New Features in Release 12.1(27b)E
New Features in Release 12.1(26)E9
New Features in Release 12.1(26)E8
New Features in Release 12.1(26)E7
New Features in Release 12.1(26)E6
New Features in Release 12.1(26)E5
New Features in Release 12.1(26)E4
New Features in Release 12.1(26)E3
New Features in Release 12.1(26)E2
New Features in Release 12.1(26)E1
New Features in Release 12.1(26)E
New Features in Release 12.1(23)E4
New Features in Release 12.1(23)E3
New Features in Release 12.1(23)E1
New Features in Release 12.1(23)E
New Features in Release 12.1(22)E6
New Features in Release 12.1(22)E4
New Features in Release 12.1(22)E1
New Features in Release 12.1(22)E
New Features in Release 12.1(20)E6
New Features in Release 12.1(20)E3
New Features in Release 12.1(20)E1
New Features in Release 12.1(20)E
New Features in Release 12.1(19)E2
New Features in Release 12.1(19)E
New Features in Release 12.1(14)E4
New Features in Release 12.1(14)E1
New Features in Release 12.1(13)E
New Features in Release 12.1(12c)E1
New Features in Release 12.1(12c)E
New Features in Release 12.1(11b)E12
New Features in Release 12.1(11b)E11
New Features in Release 12.1(11b)E
New Features in Release 12.1(10)E5
New Features in Release 12.1(10)E4
New Features in Release 12.1(10)E
New Features in Release 12.1(8a)E
New Features in Release 12.1(7a)E5
New Features in Release 12.1(6)E8
New Features in Release 12.1(5c)E12
New Features in Release 12.1(5c)E10
New Features in Release 12.1(5a)E3
New Features in Release 12.1(4)E2
New Features in Release 12.1(2)E2
New Features in Release 12.1(2)E1
New Features in Release 12.0(5)XS2
Open Caveats in Release 12.1(27b)E4
Resolved Caveats in Release 12.1(27b)E4
Open Caveats in Release 12.1(27b)E3
Resolved Caveats in Release 12.1(27b)E3
Open Caveats in Release 12.1(27b)E2
Resolved Caveats in Release 12.1(27b)E2
Open Caveats in Release 12.1(27b)E1
Resolved Caveats in Release 12.1(27b)E1
Open Caveats in Release 12.1(27b)E
Resolved Caveats in Release 12.1(27b)E
Open Caveats in Release 12.1(26)E9
Resolved Caveats in Release 12.1(26)E9
Open Caveats in Release 12.1(26)E8
Resolved Caveats in Release 12.1(26)E8
Open Caveats in Release 12.1(26)E7
Resolved Caveats in Release 12.1(26)E7
Open Caveats in Release 12.1(26)E6
Resolved Caveats in Release 12.1(26)E6
Open Caveats in Release 12.1(26)E5
Resolved Caveats in Release 12.1(26)E5
Open Caveats in Release 12.1(26)E4
Resolved Caveats in Release 12.1(26)E4
Open Caveats in Release 12.1(26)E3
Resolved Caveats in Release 12.1(26)E3
Open Caveats in Release 12.1(26)E2
Resolved Caveats in Release 12.1(26)E2
Open Caveats in Release 12.1(26)E1
Resolved Caveats in Release 12.1(26)E1
Open Caveats in Release 12.1(26)E
Resolved Caveats in Release 12.1(26)E
Open Caveats in Release 12.1(23)E4
Resolved Caveats in Release 12.1(23)E4
Open Caveats in Release 12.1(23)E3
Resolved Caveats in Release 12.1(23)E3
Open Caveats in Release 12.1(23)E1
Resolved Caveats in Release 12.1(23)E1
Open Caveats in Release 12.1(23)E
Resolved Caveats in Release 12.1(23)E
Open Caveats in Release 12.1(22)E6
Resolved Caveats in Release 12.1(22)E6
Open Caveats in Release 12.1(22)E4
Resolved Caveats in Release 12.1(22)E4
Open Caveats in Release 12.1(22)E1
Resolved Caveats in Release 12.1(22)E1
Open Caveats in Release 12.1(22)E
Resolved Caveats in Release 12.1(22)E
Open Caveats in Release 12.1(20)E6
Resolved Caveats in Release 12.1(20)E6
Open Caveats in Release 12.1(20)E3
Resolved Caveats in Release 12.1(20)E3
Open Caveats in Release 12.1(20)E1
Resolved Caveats in Release 12.1(20)E1
Open Caveats in Release 12.1(20)E
Resolved Caveats in Release 12.1(20)E
Open Caveats in Release 12.1(19)E2
Resolved Caveats in Release 12.1(19)E2
Open Caveats in Release 12.1(19)E
Resolved Caveats in Release 12.1(19)E
Open Caveats in Release 12.1(14)E4
Resolved Caveats in Release 12.1(14)E4
Open Caveats in Release 12.1(14)E1
Resolved Caveats in Release 12.1(14)E1
Open Caveats in Release 12.1(13)E
Resolved Caveats in Release 12.1(13)E
Open Caveats in Release 12.1(12c)E1
Resolved Caveats in Release 12.1(12c)E1
Open Caveats in Release 12.1(12c)E
Resolved Caveats in Release 12.1(12c)E
Open Caveats in Release 12.1(11b)E12
Resolved Caveats in Release 12.1(11b)E12
Open Caveats in Release 12.1(11b)E11
Resolved Caveats in Release 12.1(11b)E11
Open Caveats in Release 12.1(11b)E
Resolved Caveats in Release 12.1(11b)E
Open Caveats in Release 12.1(10)E5
Resolved Caveats in Release 12.1(10)E5
Open Caveats in Release 12.1(10)E4
Resolved Caveats in Release 12.1(10)E4
Open Caveats in Release 12.1(10)E
Resolved Caveats in Release 12.1(10)E
Open Caveats in Release 12.1(8b)E13
Resolved Caveats in Release 12.1(8b)E13
Open Caveats in Release 12.1(8a)E
Resolved Caveats in Release 12.1(8a)E
Open Caveats in Release 12.1(7a)E5
Resolved Caveats in Release 12.1(7a)E5
Open Caveats in Release 12.1(6)E8
Resolved Caveats in Release 12.1(6)E8
Open Caveats in Release 12.1(5c)E12
Resolved Caveats in Release 12.1(5c)E12
Open Caveats in Release 12.1(5c)E10
Resolved Caveats in Release 12.1(5c)E10
Open Caveats in Release 12.1(5a)E3
Resolved Caveats in Release 12.1(5a)E3
Open Caveats in Release 12.1(4)E2
Resolved Caveats in Release 12.1(4)E2
Open Caveats in Release 12.1(2)E2
Resolved Caveats in Release 12.1(2)E2
Open Caveats in Release 12.1(2)E1
Resolved Caveats in Release 12.1(2)E1
Open Caveats in Release 12.0(5)XS2
Resolved Caveats in Release 12.0(5)XS2
Obtaining Documentation and Submitting a Service Request
Release Notes for Catalyst 6500 Series ATM Modules Cisco IOS Release 12.1E
March 4, 2008
Current Release: 12.1(27b)E4
Previous Releases:
12.1(27b)E3, 12.1(27b)E2, 12.1(27b)E1, 12.1(27b)E, 12.1(26)E9, 12.1(26)E8, 12.1(26)E7, 12.1(26)E6, 12.1(26)E5, 12.1(26)E4, 12.1(26)E3, 12.1(26)E2, 12.1(26)E1, 12.1(26)E, 12.1(23)E3, 12.1(23)E1, 12.1(23)E, 12.1(22)E6, 12.1(22)E4, 12.1(22)E1, 12.1(22)E1, 12.1(22)E, 12.1(20)E6, 12.1(20)E3, 12.1(20)E1, 2.1(20)E, 12.1(19)E2, 12.1(19)E, 12.1(14)E4, 12.1(14)E1, 12.1(13)E, 12.1(12c)E, 12.1(11b)E11, 12.1(11b)E, 12.1(10)E5, 12.1(10)E4, 12.1(10)E, 12.1(8a)E, 12.1(7a)E5, 12.1(6)E8, 12.1(5c)E12, 12.1(5c)E10, 12.1(5a)E3, 12.1(4)E2, 12.1(2)E2, 12.1(2)E1, and 12.0(5)XS2The most current release notes for Cisco IOS Release 12.1E are available on Cisco.com:
CautionMPOA does not work in Cisco IOS Release 12.1(4)E2 on the Catalyst 6500 series ATM platform.
This publication describes all the Catalyst 6500 series ATM modules in Cisco IOS Release 12.1E.
These modules are supported in Cisco IOS Release 12.1E:
•
•
Table 1 lists the current release image names on Cisco.com for the Catalyst 6500 series ATM modules.
Note
This publication consists of these sections:
•
•
•
•
Early Deployment Releases
Cisco IOS Release 12.1 supports the Catalyst 6500 series switch ATM module. Release 12.1E is based on Release 12.1(1). All features and functionality in Releases 12.0(5)XS1, 12.0(5)XS, and 12.1(4)E2 are in Release 12.1E.
For more information about the Cisco IOS software release process, refer to Cisco IOS Releases: Product Bulletin 537 located on Cisco.com at this location:
http://www.cisco.com/warp/public/cc/cisco/mkt/ios/rel/prodlit/537_pp.htm
This publication does not describe features that are available in Release 12.1, Release 12.1 T, or other Release 12.1 Early Deployment (ED) releases.
All caveats in Release 12.0(5)XS1 and Release 12.0(5)XS are also in Release 12.1(2)E3. For a list of the software caveats that apply to Release 12.1(2)E3, see the "Open and Resolved Caveats in Software Release 12.0(5)XS1" section on page 5, the Release Notes for Catalyst 6000 Family ATM Module Release 12.0(5)XS1 on Cisco.com, and the Caveats for Cisco IOS Release 12.1 document at this URL:
http://www.cisco.com/en/US/docs/ios/12_1/relnotes/crossplatform/release/notes/121mcavs.html
Current Release Image Names for ATM Modules
Table 1 lists the current release image names for the Catalyst 6500 series ATM modules.
Software Releases and Orderable Product Number Matrix
Table 2 lists the software releases and applicable ordering information for the Catalyst 6500 series ATM module software.
Usage Guidelines and Restrictions
This section describes the usage guidelines and restrictions for Cisco IOS Release 12.1E for the Catalyst 6500 series ATM module:
Note
Note
•
During bootup, you may see this message:
%ATMSSCOP-4-UNMATCHUNIVERSION:(ATM0):rcv non-0 NUU in BeginPdu at UNI 3.0.Please verify peer UNI version.The software will recover and negotiate again. No action is required.
•
Under certain conditions of heavy data traffic (sustained traffic greater than two thirds of OC-12 line rate) with a large number of Ethernet MACs in an ATM LANE network that result in many LE-ARP messages, the transmitter might encounter temporary buffer starvation leading to this error message:
## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7)Workaround: If you see these messages frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.
•
On the Catalyst 6500 series ATM modules that are running Release 12.1(4)E2 and have QoS-enabled LAN Emulation Clients (LECs), a new QoS VCC may not be established if you change the QoS parameters in the QoS database.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
On the Catalyst 6500 series ATM modules running Cisco IOS Release 12.1(4)E with QoS-enabled LECs, when moving the LECs from QoS capable mode to non-QoS capable modes, it is possible that the LECs will continue to use the UBR+ VCC and will not revert to the UBR VCC.
Workaround: Enter the clear cam dynamic vlanid command on the Catalyst 6500 series switch.
•
The supervisor engine can reset the WS-X6101 module in a Catalyst 6500 series switch under extreme conditions, such as the following:
–
–
–
•
## ATMDRV ERROR REPORT ## THost:Host Response Status: P1CMDS_GET_BUFFERS(44 or0x2c) Response Status = P1CMDS_STATUS_NO_BUFS(7)Workaround: If you see this message frequently, we recommend that you dedicate one OC-12 ATM module to LES/BUS traffic to reduce the amount of control and data traffic on any one particular module transmitter.
•
When an LEC has been removed from an ELAN, it still appears to be up for approximately 30 seconds after removal. This delay is due to the Fast PHY switchover implementation.
When the LAN Emulation Configuration Server (LECS) is configured on an ATM module, you might see this message when you reload the module or when you enter the shutdown and no shutdown commands on the major interface:
LANE-3-LECS_ERROR:vc out of sync:updating old call parameters...This is an informational message and does not indicate a problem.
•
•
•
•
•
•
boot system flash bootflash: image name config-register 0x2After a reload, the ATM module boots with the image name that you specified.
Important Notes
Deferrals and field notices for the specified releases are located at the following URLs:
•
•
•
•
•
Software Image Download
This section describes the two methods for downloading a new image to the OC-12 ATM module:
•
•
To download an image from a TFTP server, at the OC-12 ATM module's console, enter the following command: copy tftp bootflash
You will be asked the following question:
Address or name of remote host []?Enter the IP address of the TFTP server.
Note
Erase bootflash:before copying? [confirm]Answer yes. This step is necessary due to an issue in which autoboot, which is enabled by default, boots the first image in the bootflash. If you do not erase the old image after downloading the new image, the old image will be booted.
To download an image from the supervisor engine PC card, perform this two-step process:
a.
b.
You will be asked the following question:
Erase bootflash:before copying? [confirm]Answer yes.
After the image is copied to the bootflash, boot the new image by entering the reload command.
New and Changed Information
New Features in Release 12.1(27b)E4
There are no new features in Release 12.1(27b)E4.
New Features in Release 12.1(27b)E3
There are no new features in Release 12.1(27b)E3.
New Features in Release 12.1(27b)E2
There are no new features in Release 12.1(27b)E2.
New Features in Release 12.1(27b)E1
There are no new features in Release 12.1(27b)E1.
New Features in Release 12.1(27b)E
There are no new features in Release 12.1(27b)E.
New Features in Release 12.1(26)E9
There are no new features in Release 12.1(26)E9.
New Features in Release 12.1(26)E8
There are no new features in Release 12.1(26)E8.
New Features in Release 12.1(26)E7
There are no new features in Release 12.1(26)E7.
New Features in Release 12.1(26)E6
There are no new features in Release 12.1(26)E6.
New Features in Release 12.1(26)E5
There are no new features in Release 12.1(26)E5.
New Features in Release 12.1(26)E4
There are no new features in Release 12.1(26)E4.
New Features in Release 12.1(26)E3
There are no new features in Release 12.1(26)E3.
New Features in Release 12.1(26)E2
There are no new features in Release 12.1(26)E2.
New Features in Release 12.1(26)E1
There are no new features in Release 12.1(26)E1.
New Features in Release 12.1(26)E
There are no new features in Release 12.1(26)E.
New Features in Release 12.1(23)E4
There are no new features in Release 12.1(23)E4.
New Features in Release 12.1(23)E3
There are no new features in Release 12.1(23)E3.
New Features in Release 12.1(23)E1
There are no new features in Release 12.1(23)E1.
New Features in Release 12.1(23)E
There are no new features in Release 12.1(23)E.
New Features in Release 12.1(22)E6
There are no new features in Release 12.1(22)E6.
New Features in Release 12.1(22)E4
There are no new features in Release 12.1(22)E4.
New Features in Release 12.1(22)E1
There are no new features in Release 12.1(22)E1.
New Features in Release 12.1(22)E
There are no new features in Release 12.1(22)E.
New Features in Release 12.1(20)E6
There are no new features in Release 12.1(20)E6.
New Features in Release 12.1(20)E3
There are no new features in Release 12.1(20)E3.
New Features in Release 12.1(20)E1
There are no new features in Release 12.1(20)E1.
New Features in Release 12.1(20)E
There are no new features in Release 12.1(20)E.
New Features in Release 12.1(19)E2
There are no new features in Release 12.1(19)E2.
New Features in Release 12.1(19)E
There are no new features in Release 12.1(19)E.
New Features in Release 12.1(14)E4
There are no new features in Release 12.1(14)E4.
New Features in Release 12.1(14)E1
There are no new features in Release 12.1(14)E1.
New Features in Release 12.1(13)E
There are no new features in Release 12.1(13)E.
New Features in Release 12.1(12c)E1
There are no new features in Release 12.1(12c)E1.
New Features in Release 12.1(12c)E
There are no new features in Release 12.1(12c)E.
New Features in Release 12.1(11b)E12
There are no new features in Release 12.1(11b)E12.
New Features in Release 12.1(11b)E11
There are no new features in Release 12.1(11b)E11.
New Features in Release 12.1(11b)E
There are no new features in Release 12.1(11b)E.
New Features in Release 12.1(10)E5
There are no new features in Release 12.1(10)E5.
New Features in Release 12.1(10)E4
There are no new features in Release 12.1(10)E4.
New Features in Release 12.1(10)E
This section describes the new features in Release 12.1(10)E:
•
Jumbo frame support is provided for the Catalyst 6500 series ATM module (WS-X6101). Configuring the MTU size on the subinterface does not affect the maximum frame size that can be transferred on a Catalyst 6500 series ATM module. The maximum frame size (9218 bytes) is initialized when the module comes up and will not change when the MTU size changes using the CLI.
To bridge the jumbo frames, the feature should be enabled for the ATM module on the supervisor engine by using the set port jumbo mod/port command.
The PVCs on the ATM module can bridge frame size up to 9218 bytes. LECs also transfer frame size up to 9218 bytes. Interoperability issues may arise if the Catalyst 6500 series ATM module interacts with devices not supporting jumbo frames. The jumbo frame feature should not be enabled for the ATM module to interoperate with devices not supporting jumbo frames.
New Features in Release 12.1(8a)E
There are no new features in Release 12.1(8a)E.
New Features in Release 12.1(7a)E5
There are no new features in Release 12.1(7a)E5.
New Features in Release 12.1(6)E8
There are no new features in Release 12.1(6)E8.
New Features in Release 12.1(5c)E12
There are no new features in Release 12.1(5c)E12.
New Features in Release 12.1(5c)E10
There are no new features in Release 12.1(5c)E10.
New Features in Release 12.1(5a)E3
There are no new features in Release 12.1(5a)E3.
New Features in Release 12.1(4)E2
This section describes the new LANE QoS feature in Release 12.1(4)E2:
•
The LANE Quality of Service (QoS) feature provides the capability to differentiate multiple classes of traffic. Traffic class differentiation is achieved by creating (multiple) VCCs with the desired QoS parameters. When the prioritized traffic is received, LEC forwards it on a VCC with matching QoS parameters.
LANE QoS supports the creation of Unspecified Bit Rate+ (UBR+) VCCs. A UBR+ VCC is a UBR VCC for which minimum cell rate (MCR) is guaranteed by the switch. If the switch cannot guarantee the rate you have specified for the UBR+ VCC, the LEC will revert to UBR with no MCR guarantee.
You can enable or disable the LANE QoS feature on a per-LEC basis by entering the qos option in the lane client command. The same ELAN can contain both QoS-capable and non-QoS capable LECs.
Note
On the Catalyst 6500 series ATM platform, the routed packet is classified by the class of service (CoS) value before it is handed over to the LANE. The LEC determines the VCC based on the packets' CoS. The CoS to VCC mapping is determined by the user configuration. Non-IP traffic and bridged traffic streams are always sent over the UBR+ VCC.
The Switched Port Analyzer (SPAN) feature will be added in a future maintenance release.
New Features in Release 12.1(2)E2
There are no new features in Release 12.1(2)E2.
New Features in Release 12.1(2)E1
There are no new features in Release 12.1(2)E1.
New Features in Release 12.0(5)XS2
There are no new features in Release 12.0(5)XS2.
Caveats
These sections describe the open and resolved caveats for the Cisco IOS software in Catalyst 6500 series ATM modules:
Release 12.1(27b)E4
These sections describe the open and resolved caveats in Release 12.1(27b)E4:
•
•
Open Caveats in Release 12.1(27b)E4
None.
Resolved Caveats in Release 12.1(27b)E4
Resolved Caveats for Product `all' and Component `dlsw'
•
Cisco IOS contains multiple vulnerabilities in the Data-link Switching (DLSw) feature that may result in a reload or memory leaks when processing specially crafted UDP or IP Protocol 91 packets.
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a00809bb2a9.shtml
Resolved Caveats for Product `all' and Component `vpdn'
•
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution.
The first vulnerability is a memory leak that occurs as a result of PPTP session termination. The second vulnerability may consume all interface descriptor blocks on the affected device because those devices will not reuse virtual access interfaces. If these vulnerabilities are repeatedly exploited, the memory and/or interface resources of the attacked device may be depleted.
Cisco has made free software available to address these vulnerabilities for affected customers.
There are no workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a0080969862.shtml
Release 12.1(27b)E3
These sections describe the open and resolved caveats in Release 12.1(27b)E3:
•
•
Open Caveats in Release 12.1(27b)E3
None.
Resolved Caveats in Release 12.1(27b)E3
•
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/en/US/products/products_security_advisory09186a008089963b.shtml.
•
Release 12.1(27b)E2
These sections describe the open and resolved caveats in Release 12.1(27b)E2:
•
•
Open Caveats in Release 12.1(27b)E2
None.
Resolved Caveats in Release 12.1(27b)E2
•
Two crafted Protocol Independent Multicast (PIM) packet vulnerabilities exist in Cisco IOS software that may lead to a denial of service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml.
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml
•
•
•
•
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information.
Cisco IOS is affected by the following vulnerabilities:
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a0080847c49.shtml.
Note
A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
This problem is resolved in Release 12.1(27b)E2. (CSCsb12598, CSCsb40304, CSCsd92405)
•
There are workarounds available for this vulnerability.
This advisory is posted at
http://www.cisco.com/en/US/products/products_security_advisory09186a00807bd128.shtml
This problem is resolved in Release 12.1(27b)E2. (CSCsf28840)
•
Release 12.1(27b)E1
These sections describe the open and resolved caveats in Release 12.1(27b)E1 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(27b)E1
None.
Resolved Caveats in Release 12.1(27b)E1
•
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at http://www.cisco.com/en/US/products/products_security_advisory09186a00809ac83b.shtml
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml
•
Cisco has made free software available to address this vulnerability for affected customers.
A Cisco Security Advisory for this vulnerability is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a00807f4139.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCsd75273, CSCse52951)
Note
•
This vulnerability only applies to traffic destined to the Cisco IOS device. Traffic transiting the Cisco IOS device will not trigger this vulnerability.
Cisco has made free software available to address this vulnerability for affected customers.
This issue is documented as Cisco bug ID CSCek37177.
There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb0e4.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCek37177)
•
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb157.shtml
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory: Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/en/US/products/products_security_advisory09186a00807cb157.shtml
This problem is resolved in Release 12.1(27b)E1 (CSCek26492)
•
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at:
http://www.cisco.com/en/US/products/products_security_advisory09186a008059e470.shtml
This problem is resolved in Release 12.1(27b)E1. (CSCsc64976)
•
Release 12.1(27b)E
These sections describe the open and resolved caveats in Release 12.1(27b)E for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(27b)E
None.
Resolved Caveats in Release 12.1(27b)E
•
Conditions: The router needs to receive a specially crafted GRE packet sent to the tunnel end-point. The outer IP packet must come from the configured tunnel source and be sent to the configured tunnel destination IP address Present Routed bit must be set to 1.
Workaround: Upgrade Cisco IOS to a version containing fixes for: CSCuk27655 or CSCea22552 or CSCei62762.
Further information: On the 6th September 2006, Phenoelit Group posted an advisory:
Cisco Systems IOS GRE decapsulation fault
Cisco's statement and further information are available on the Cisco public website at:
http://www.cisco.com/en/US/products/products_security_response09186a008072cd7b.html
This problem is resolved in Release 12.1(27b)E. (CSCei62762)
Release 12.1(26)E9
These sections describe the open and resolved caveats in Release 12.1(26)E9 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E9
None.
Resolved Caveats in Release 12.1(26)E9
•
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/en/US/products/products_security_advisory09186a008089963b.shtml.
•
Symptoms: Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.
Conditions: This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.
Workaround: As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:
config tip ssh version 1endAlternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:
10.1.1.0/24 is a trusted network that is permitted access to the router, all other access is denied
access-list 99 permit 10.1.1.0 0.0.0.255access-list 99 deny anyline vty 0 4access-class 99 inendFurther Problem Description:
For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cntrl_acc_vtl.html
For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document:
http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
•
Symptoms: Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions: This symptom is observed on a Cisco router that has the ip http secure server command enabled.
Workaround: Disable the ip http secure server command.
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/en/US/products/products_security_advisory09186a0080899653.shtml
•
•
Release 12.1(26)E8
These sections describe the open and resolved caveats in Release 12.1(26)E8 for the Catalyst 6500 series ATM modules:
•
•
Open Caveats in Release 12.1(26)E8
None.
Resolved Caveats in Release 12.1(26)E8
•
Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities. Workarounds are available for mitigating the impact of the vulnerabilities described in this document.
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities.
This advisory will be posted at http://www.cisco.com/en/US/products/products_security_advisory09186a00809ac83b.shtml
•
Guest
