Cisco ASA Interim Release Notes

 

The software images listed below are Interim releases.  They contain bug fixes which address specific issues found since the last Feature or Maintenance release.  The images are fully supported by Cisco TAC and will remain on the download site only until the next Maintenance release is available. If you do not have a specific problem which is resolved by an Interim release, we recommend that you use the Feature or Maintenance release images.

 

Important:  These images were not fully regression tested.  Each individual fix was unit tested, and the image has had a limited amount of automated regression testing to confirm a baseline of functionality.  Keep this testing status in mind if you decide to run them in a production environment.  We strongly encourage you to upgrade to a fully tested Maintenance or Feature release when it becomes available.

 

Revision:  Version 8.0.5(31) – 03/14/2013

File:  asa805-31-k8.bin

Defects resolved since 8.0.5(28):

 

CSCuc72408

ASA 5580 page fault in thread CERT API during pki validation

CSCud16590

ASA may traceback in thread emweb/https

CSCud89974

flash in ASA5505 got corrupted

 

 

Revision:  Version 8.0.5(28) – 10/10/2012

File:  asa805-28-k8.bin

Defects resolved since 8.0.5(27):

 

CSCsd99542

Configure fail state link without IP addr causes LAND attack syslogs

CSCtf68934

Standby Unit not getting session replicated, rerr TCP and UDP increasing

CSCtw84068

DHCP Memory Allocation Denial of Service Vulnerability

CSCtz03292

ASA may reload with traceback related to SSH, PING, DHCP, or IPSEC

CSCtz43942

skinny-inspect intermittently uses odd port for RTP stream

 

 

Revision:  Version 8.0.5(27) – 02/29/2012

File:  asa805-27-k8.bin

Defects resolved since 8.0.5(25):

 

CSCte90946

Multi-context ASA Resets a connection from Flooded packet

CSCtn20148

EIGRP default-route is not displayed w/ "ip default-route" route removed

CSCtr47517

Protocol-Independent Multicast Denial of Service Vulnerability

CSCtr78703

ASA 8.4.2 http inspection might break certain flows intermittently

CSCts46366

Slow memory leak by skinny

CSCtt28062

ASA 8.0(4)32 memory leak related to aaa process

CSCtt74695

wrong vpn-filter gets applied when peers have overlapping address space

CSCtv19854

Incorrect MPF conn counts cause %ASA-3-201011 and DoS condition for user

CSCtx03464

Standby ASA traceback in DATAPATH-0-1400 or Dispatch Unit

CSCtx58556

ActiveX RDP Plugin fails to connect from WIn7 PC after upgrade to 8.4(3)

 

 

 

Revision:  Version 8.0.5(25) – 09/19/2011

File:  asa805-25-k8.bin

Defects resolved since 8.0.5(23):

 

CSCti11757

SNMP: ASA responds after two SNMP requests

CSCtk34526

SSH processes stuck in ssh_init state

CSCtk61443

OpenSSL Ciphersuite Downgrade and J-PAKE Issues

CSCtl10877

ASA reload in thread name rtcli when removing a plugin

CSCtl23397

ASA may log negative values for Per-client conn limit exceeded messg

CSCtl67486

ASA MSN Inspection Watchdog Crash

CSCtn08326

ESMTP Inspection Incorrectly Detects End of Data

CSCto40365

Crafted TACACS+ reply considered as successful auth by ASA

CSCto53199

Traceback with phone-proxy Thread Name: Dispatch Unit

CSCto92380

SunRPC inspection DUMP reply crash

CSCto92398

SunRPC inspection credential length crash

CSCtq06062

SunRPC inspection arithmetic overflow in parse_transport_address

CSCtq06065

SunRPC inspection arithmetic overflow in portmap code

CSCtq57697

ILS inspection traceback on malformed ILS traffic

 

 

Revision:  Version 8.0.5(23) – 02/06/2011

File:  asa805-23-k8.bin

Defects resolved since 8.0.5(20):

 

CSCta96306

clear crypto isakmp with high VPN load causes improper failover

CSCtc32872

TFW ENH: Management interface should operate in routed mode

CSCte79575

ASA: TFW sh fail output shows Normal(waiting) when Sec unit is act

CSCtf01287

SSH to the ASA may fail - ASA may send Reset

CSCtf20547

Cmd authorization fails for certain commands on fallback to LOCAL db

CSCtg86810

show run all command causes SSH session hang

CSCth26474

Inspection triggers block depletion resulting in traffic failure

CSCth74607

SMTP DATA packet ending with <CRLF>. wrongly considered as end of DATA

CSCth91572

per-client-max and conn-max does not count half-closed connections

CSCti20506

Transparent fw w/ASR group sets dstMAC to other ctx for last ACK for 3WH

CSCti22636

"failover exec standby" TACACS+ authorization failure

CSCti24526

Flood of random IPv6 router advertisements causes high CPU and DoS

CSCti35966

Traceback Thread Name: IKE Daemon Assert

CSCti38496

ASA SIP inspection does not rewrite with interface pat

CSCti43763

Management connection fail after multiple tries with SNMP connections.

CSCti62358

TFW mode regens cert every time 'no ip address' applied to mgmt int

CSCti76899

rtcli: traceback in rtcli async executor process, eip ci_set_mo

CSCti94480

Orphaned SSH sessions and High CPU

CSCti98855

Traceback in IKE Timekeeper

CSCtj20691

ASA traceback when using a file management on ASDM

CSCtj29076

ASR trans FW rewrites wrong dst. MAC when FO peers active on same ASA

CSCtj36804

Cut-through proxy sends wrong accounting stop packets

CSCtj93922

Standby unit sends ARP request with Active MAC during config sync

CSCtj96108

Group enumeration possible on ASA

CSCtj96230

H225 keepaplive ACK is dropped

 

 

Revision:  Version 8.0.5(20) – 08/27/2010

File:  asa805-20-k8.bin

Defects resolved since 8.0.5(13):

 

CSCsd99542

Configure fail state link without IP addr causes LAND attack syslogs

CSCso65967

SIP builds many secondary conns with register msg but no registrar

CSCtb20340

Removed ACL permits inbound packets

CSCtc20079

child flows created via established cmd torn down when parent is removed

CSCtc30025

PP: Incorrect Entry Installed in ASP Table for proxy-server command

CSCtc42215

ASA 8.2.1.4 traceback when webvpn capture is configured

CSCtc79922

MU sunrpc test for dump.call with truncated body cause traceback on

CSCtd27888

1-hour threat-detection enabled by "clear threat-detection rate"

CSCtd36422

TCP proxy in SIP inspection causing 1550 block deplete temporarily

CSCtd42963

threshold checking for average rate not working in threat-detection

CSCtd71913

WebVPN Application Access page not displayed if AES chosen

CSCtd86281

FTP download for files larger than 2GB doesn't work properly

CSCtd93962

NAT with ACL statements causing long time to reboot.

CSCtd94385

ASA: Unable to pass traffic through an Airlink router w DTLS enabled

CSCte64811

ASA 8.04 - certificate chain not being sent during rekey w/ IPSEC RA

CSCte69935

Beta Box assertion: snp_tcp_timeout_cb+0 at np/soft-np/snp_tcp_norm.c:82

CSCte72114

SSH process may exist after being orphaned from SSH session

CSCte80609

Actions attached to class class-default don't apply to traffic

CSCte85803

After failover, skinny message are decoded as SCCPv0 instead of SCCPv17

CSCtf13556

Slow memory leak in WebVPN related to CIFS cache

CSCtf22332

Thread Name: netfs_thread_init

CSCtf23469

ASA 8.0.5+ webvpn FTP bookmarks no longer will pass embedded user/pass

CSCtf24681

SNAP frames are sent from Management interface in Transparent mode ASA

CSCtf28464

Memory Leak In CIFS can casue memory depletion

CSCtf28466

ASA Fails to assign available addresses from local pool

CSCtf28467

Copy to disk0 without ":", prefills dest as disk0, cant delete/view file

CSCtf29867

Memory leak happens due to huge number of LDAP authentication failure

CSCtf33469

ASA 8.0.5 1550 block depletion with ASDM open

CSCtf46612

Option to change Pane Title missing from customization editor

CSCtf49095

ldap-dn password is in the clear within running config

CSCtf52703

ASA/w 4-GE-SSM shows module status unresponsive after power surge

CSCtf54034

DHCP learned route may not be removed at end of lease time

CSCtf55116

quiting "show controller" command with 'q' key triggers failover

CSCtf62302

RST sent over L2L is dropped by peer due to tcp-rstfin-ooo

CSCtf81810

OpenSSL Record of death

CSCtf96635

Removing HTTP server caused page fault traceback

CSCtg17779

Flows torndown over VPN tunnel log 302014 with Flow closed by inspection

CSCtg18674

RSA Crossrealm Authentication fails to authenticate  for vpn users

CSCtg25510

ASA tracebacks in Thread Name: IPsec message handler

CSCtg28821

ASA:  AAA Session limit [2048] reached when xauth is disabled for vpn

CSCtg45851

Traceback: CP Processing

CSCtg48603

ASA traceback in Thread Name: Dispatch Unit

CSCtg66583

ASA traceback in Thread Name: RIP Send

CSCtg80816

Clientless WebVPN: DWA 8.0.2 fails to forward attachments

CSCtg81514

Webvpn with Citrix - Xenapp upgrade from 11.2 to 12.0 breaks app access

CSCtg84635

PP: signaling sessions are not removed after phone disconnects

CSCth15152

Traceback typing "import webvpn webcontent /+CSCOU+/logon.inc stdin"

CSCth18720

Thread Name: lu_rx Page fault: Address not mapped

CSCth43128

ASA WebVPN : Forms don't get saved in CRM due to no pop-up

CSCth49826

Traceback in Unicorn Proxy Thread, address not mapped

CSCth63101

ASA  HTTP response splitting on /+CSCOE+/logon.html

CSCth68948

Memory not released after EZVPN client with cert fails authentication

 

 

Revision:  Version 8.0.5(13) – 03/30/2010

File:  asa805-13-k8.bin

Defects resolved since 8.0.5:

 

CSCsk03602

FT: workaround for read-only flashes

CSCsv73764

Unable to Browse to Domain Based DFS Namespaces

CSCsv96545

ASA is dropping arp on SSM-4GE

CSCsw85251

dhcp-network-scope ip that matches interface can cause route deletion

CSCsy10599

Radius Challenge not presented to anyconnect users at login

CSCsy56403

ASA stops accepting IP from DHCP when DHCP Scope option is configured

CSCsz48653

WARNING: The vlan id entered is not currently configured under any int

CSCsz62566

ASA 8.0(4) traceback in Dispatch Unit due to stack corruption

CSCsz70270

ASA: AnyConnect is allowed to connect twice with same assigned IP

CSCsz73955

MAC OSX: Smarttunnel applications don't use name resolution

CSCsz92808

ASA: Memory leak when secure desktop is enabled

CSCta02877

Traceback in unicorn thread (outway_buffer_i)

CSCta20344

DH group 5 freezes IKE processing for about 80ms

CSCta39767

Service resetinbound send RST unencrypted when triggered by vpn-filter

CSCta45256

WebVPN group-url with a trailing "/" treated differently

CSCta79938

Standby ASA reloading because unable to allocate ha msg buffer

CSCta93567

Need better error message for VLAN Mapping for NEM Clients not supported

CSCtb01577

ASA unable to assign IP address for VPN client from DHCP intermittently

CSCtb05956

ASA memory leak one-time ntlm authentication

CSCtb07020

Inspection with Messenger causes a traceback

CSCtb17539

Secondary language characters displayed on Web Portal

CSCtb18901

enable_15 user can execute some commands on fallback to LOCAL db.

CSCtb18940

8.2 Auto Signon domain parameter does not work with CIFS

CSCtb20340

Removed ACL permits inbound packets

CSCtb20506

Deleting group-policy removes auto-signon config in other group-policies

CSCtb23281

ASA: SIP inspect not opening pinhole for contact header of SIP 183 msg

CSCtb36994

tcp-intercept doesn't start 3WH to inside

CSCtb45354

ASA traceback thread name dispatch unit, assertion calendar_queue.h

CSCtb53186

Duplicate ASP crypto table entry causes firewall to not encrypt traffic

CSCtb57172

LDAP CRL Download Fails  due to empty attribute

CSCtb60778

Traceback in 'ci/console' when Failing Over with Phone Proxy Configured

CSCtb65464

ASA (8.2.1) traceback in dhcp_daemon

CSCtb69486

AAA session limit reached with cert-only authentication

CSCtc12240

Webvpn- rewrite : ASA inserts lang=VBScript incorrectly

CSCtc25115

RDP SSO doesn't send pass

CSCtc29220

On boot, TACACS server is marked FAILED if defined by DNS name

CSCtc33398

WebVPN: in DWA 8.5.1 404 occurs while email preview

CSCtc35058

Console hangs when trying to write mem or view config

CSCtc35096

Personalized Bookmarks do not account for authentication realms

CSCtc40891

memory leaks after anyconnect test with packet drops

CSCtc42064

ASA passes reset packets after a connection is closed

CSCtc43209

ASA traceback: Thread Name: IKE Daemon

CSCtc47782

Malformed IKE traffic causes rekey to fail

CSCtc48310

ASA: Traceback during NTLM authentication

CSCtc52217

Clientless WebVPN: Errors with DWA 8.5 (Domino Web Access / Notes)

CSCtc58632

SSM IPS sends TCP RST to wrong TCP seq number

CSCtc62281

When SAPI tcp-proxy buffer exceeding limit generates misleading syslog

CSCtc70548

WebVPN: Cisco Port Forwarder ActiveX  does not get updated automatically

CSCtc71135

SSL lib error. Function: DO_SSL3_WRITE while making cert only SSLVPN

CSCtc73117

DHCP Proxy -2s delay between consecutive DHCP lease renew after failover

CSCtc73833

Radius authentication fails after SDI new-pin or next-code challenge

CSCtc78636

asa https authentication (with/without listener) doesn't prompt

CSCtc81874

Traceback: CTM message handler - L2TP and crypto reset - stack overflow

CSCtc82010

vpnlb_thread traceback under low mem condition due to huge vpn acl

CSCtc82025

emweb/https traceback under low memory condition

CSCtc90093

WebVPN: Firefox users have issues searching with google

CSCtc93523

Traceback in Thread Name: SiteMinder SSO Request

CSCtc96018

ASA watchdog when inspecting malformed SIP traffic

CSCtc99553

Personal Bookmark using plugins won't use parameters other than the 1st

CSCtd00697

IMPORTANT TLS/SSL SECURITY UPDATE

CSCtd01979

Oversize SNMP poll may cause slow memory leak

CSCtd14917

Launching ASDM triggers ASA software traceback

CSCtd15605

assertion "t->stack[0] == STKINIT" failed: file "thread.c", line 743

CSCtd25685

New active member should send SNAP frames for MAC address table update

CSCtd28327

ASA not displaying pictures on the portal page

CSCtd28887

ASA: Webvpn CIFs does not refresh updated files

CSCtd29154

Traceback when CSR is generated

CSCtd30953

LDAP CRL Download Fails due to empty attribute pki-cro

CSCtd31831

ASA traceback in Thread Name: Checkheaps

CSCtd32984

SNAP frame with MAC address learned on management-only interface is sent

CSCtd33019

ASA traceback at dispatch unit

CSCtd35450

Excessive memory allocation for large routing tables

CSCtd36473

IPsec: Outbound context may be deleted prematurely

CSCtd43241

Traceback on secondary with SIP connection replication

CSCtd44433

ASA - 1550 block leaking due to email proxy

CSCtd50421

re-adding class in policy-map causes undesired behavior-see CSCte80609

CSCtd51042

ASA:  ip IPSec SA not brought up if similar icmp SA is up

CSCtd52211

ASA assert "new_flow->conn->conn_set == NULL" failed: file "snp_mcast.c"

CSCtd53356

ASA traceback when new DHCPD commands entered

CSCtd53390

TCP RSTs returned from inline IPS are dropped on multi-context ASA

CSCtd54025

Connection once entered into discard state and remains in discard state

CSCtd54252

traceback in checkheaps during backup of asa with smartcare appliance

CSCtd54583

ASA fails SSO authentication with Entrust GetAccess

CSCtd55032

ASA running 8.0.4.32 traceback in Thread Name: Dispatch Unit

CSCtd55346

Remove uninformative Peer Tbl remove messages

CSCtd56249

CTA does not respond for EAP from ASA 8.0.5 with NAC

CSCtd60720

Error event causes Syslog 199011 "Close on bad channel in process/fiber"

CSCtd74691

VPN session not replicate to Standby after Failover State Link failure

CSCtd86281

FTP download for files larger than 2GB doesn't work properly

CSCte05514

CA ServiceDesk hidden frame not showing

CSCte15462

Disable URL entry should only disable http/https

CSCte18319

ASA 8.0.5 snmp-server re-configuration can cause socket used messages

CSCte21219

Certificate authentication failing on ASA: incorrect key for validation

CSCte21953

ASA may allow authentication of an invalid username for NT auth

CSCte25741

ASA doesn't allow username length of <4 characters

CSCte38909

msgid in Language Localization are not synchronized

CSCte38942

SSL sockets stuck in CLOSE_WAIT status using webvpn

CSCte39708

Encoded error message issue in /+CSCOE+/logon.html

CSCte39982

Standby ASA tracebacks in Thread Name: vpnfol_thread_msg

CSCte42788

ASA anyconnect DTLS CONN is torn down when tftp error MSG  is rvd- CIPC

CSCte46239

Cookie being set improperly due to webvpn misreading firefox flags

CSCte55199

WebVPN Smart Tunnel failing for ProPalms Application

CSCte57663

VPN user cannot ping to inside interface with management-access config

CSCte65315

WebVPN user-storage does not work if user logon as DOMAIN\Username

CSCte80027

ASA 8.0(5) - "LU allocate connection failed"

CSCte92557

ASA HW client: deny rule for DHCP should account for remote subnets

CSCtf02322

ASA - Memory depleting 1% per day due to snmp-server ipsec configuration

CSCtf02712

Traceback in Dispatch Unit (Old pc 0x08180444 ebp 0xc793d980)