Release Notes for the Cisco 2800 Series Integrated Services Router for Cisco IOS Release 12.4(6)XE

Table Of Contents

Release Notes for Cisco 2800 Series Integrated Services Routers for Cisco IOS Release 12.4(6)XE

Contents

System Requirements

Memory Requirements

Hardware Supported

Determining the Software Version

Upgrading to a New Software Release

Feature Set Tables

New and Changed Information

New Hardware Features in Cisco IOS Release 12.4(6)XE

Cisco Cable Modem High-Speed WAN Interface Cards

New Software Features in Cisco IOS Release 12.4(6)XE

H.323 to SIP Supplementary Feature Internetworking for Session Border Controller (SBC)

New Software Features in Cisco IOS Release 12.4T

Limitations and Restrictions

Caveats

Resolved Caveats - Cisco IOS Release 12.4(6)XE3

Resolved Caveats - Cisco IOS Release 12.4(6)XE2

Resolved Caveats - Cisco IOS Release 12.4(6)XE1

Special Caveats and Updates

SIP Bugs in 12.4(6)XE

NHRP Bugs in IP Routing Protocols

SCP Bugs in 12.4(6)XE

IPv6 Bugs in 12.4(6)XE

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Navigator

Cisco IOS Software Documentation Set

Documentation Modules

Release 12.4 Documentation Set

Obtaining Documentation

Cisco.com

Product Documentation DVD

Ordering Documentation

Documentation Feedback

Cisco Product Security Overview

Reporting Security Problems in Cisco Products

Obtaining Technical Assistance

Cisco Technical Support & Documentation Website

Submitting a Service Request

Definitions of Service Request Severity

Obtaining Additional Publications and Information

Open Source License Acknowledgements

OpenSSL/Open SSL Project

License Issues

Release Notes for Cisco 2800 Series Integrated Services Routers for Cisco IOS Release 12.4(6)XE

---

August 8, 2007

Cisco IOS Release 12.4(6)XE3

OL-10715-02

These release notes describe new features and significant software components for Cisco 2800 series integrated services routers in Cisco IOS Release 12.4(6)XE releases. These release notes are updated as needed to describe new memory requirements, new features, new hardware support, software platform deferrals, microcode or modem code changes, related document changes, and any other important changes. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4T located on Cisco.com in PDF or HTML format.

For a list of the software caveats that apply to Cisco IOS Release12.4(6)XE releases, see the "Caveats" section, and see the online Caveats for Cisco IOS Release 12.4T document. The caveats document is updated for every 12.4T maintenance release and is located on Cisco.com.

We recommend that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.

Contents

•System Requirements

•New and Changed Information

•Caveats

•Related Documentation

•Obtaining Technical Assistance

•Obtaining Additional Publications and Information

•Open Source License Acknowledgements

System Requirements

This section describes system requirements for Cisco IOS Release 12.4(6)XE and includes the following sections:

•Memory Requirements

•Hardware Supported

•Determining the Software Version

•Upgrading to a New Software Release

•Feature Set Tables

Memory Requirements

Table 1 lists memory requirements for Cisco IOS feature sets supported by Cisco IOS Release 12.4(6)XE on Cisco 2800 series integrated services routers.

Table 1 Memory Requirements for Cisco 2800 Series Integrated Services Routers  

Platform	Feature Set	Image	Flash Memory	DRAM
Cisco 2801	IP Base	c2801-ipbase-mz	64 MB	128 MB
	IP Voice	c2801-ipvoice-mz	64 MB	192 MB
	Enterprise Base	c2801-entbase-mz	32 MB	128 MB
	Advanced Security	c2801-advsecurityk9-mz	64 MB	192 MB
	SP Services	c2801-spservicesk9-mz	64 MB	192 MB
	Enterprise Services	c2801-entservicesk9-mz	64 MB	192 MB
	Advanced IP Services	c2801-advipservicesk9-mz	64 MB	192 MB
	Advanced Enterprise Services	c2801-adventerprisek9-mz	64 MB	192 MB
Cisco 2811	IP Base	c2811-ipbase-mz	64 MB	128 MB
	IP Voice	c2811-ipvoice-mz	64 MB	192 MB
	Enterprise Base	c2811-entbase-mz	32 MB	128 MB
	Advanced Security	c2811-advsecurityk9-mz	64 MB	192 MB
	SP Services	c2811-spservicesk9-mz	64 MB	192 MB
	Enterprise Services	c2811-entservicesk9-mz	64 MB	192 MB
	Advanced IP Services	c2811-advipservicesk9-mz	64 MB	192 MB
	Advanced Enterprise Services	c2811-adventerprisek9-mz	64 MB	192 MB
Cisco 2821	IP Base	c2821-ipbase-mz	64 MB	128 MB
	IP Voice	c2821-ipvoice-mz	64 MB	192 MB
	Enterprise Base	c2821-entbase-mz	32 MB	128 MB
	Advanced Security	c2821-advsecurityk9-mz	64 MB	192 MB
Cisco 2821	SP Services	c2821-spservicesk9-mz	64 MB	192 MB
	Enterprise Services	c2821-entservicesk9-mz	64 MB	192 MB
	Advanced IP Services	c2821-advipservicesk9-mz	64 MB	192 MB
	Advanced Enterprise Services	c2821-adventerprisek9-mz	64 MB	192 MB
Cisco 2851	IP Base	c2851-ipbase-mz	64 MB	128 MB
	IP Voice	c2851-ipvoice-mz	64 MB	192 MB
	Enterprise Base	c2851-entbase-mz	32 MB	128 MB
	Advanced Security	c2851-advsecurityk9-mz	64 MB	192 MB
	SP Services	c2851-spservicesk9-mz	64 MB	192 MB
	Enterprise Services	c2851-entservicesk9-mz	64 MB	192 MB
	Advanced IP Services	c2851-advipservicesk9-mz	64 MB	192 MB
	Advanced Enterprise Services	c2851-adventerprisek9-mz	64 MB	192 MB

Hardware Supported

Cisco IOS Release 12.4(6)XE supports the following Cisco 2800 series integrated services routers:

•Cisco 2801

•Cisco 2811

•Cisco 2821

•Cisco 2851

For descriptions of existing hardware features and supported modules, see the configuration guides and additional documents, which are available on Cisco.com at the following location:

http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html

or point your web browser to Cisco.com and follow this path:

Technical Support and Documentation: Documentation: Routers: Cisco 2800 Series Integrated Services Routers

Determining the Software Version

To determine which release of Cisco IOS software is currently running on your Cisco 2800 series integrated services router, log in to the router and enter the show version EXEC command. The following sample output from the show version command indicates the version number on the second output line.

router> show version

c2801-perf#sh ver 
Cisco IOS Software, C2801 Software (C2801-ADVENTERPRISEK9-M), Experimental Version  
Synched to technology version 12.4(6)XE 
Copyright (c) 1986-2006 by Cisco Systems, Inc.

Upgrading to a New Software Release

For general information about upgrading to a new software release, see the Software Installation and Upgrade Procedures, which are located on Cisco.com.

Feature Set Tables

Cisco IOS software is packaged in feature sets consisting of software images, which vary with the platform. Each feature set contains a specific set of Cisco IOS features. Cisco IOS Release 12.4(6)XE supports the same feature sets as Cisco IOS Release12.4T, as well as new features.

---

Caution Cisco IOS images with strong encryption (including, but not limited to, 168-bit [3DES] data encryption feature sets) are subject to United States government export controls and have limited distribution. Strong encryption images to be installed outside the United States may require an export license. Customer orders can be denied or subject to delay due to United States government regulations. When applicable, the purchaser or user must obtain local import and use authorizations for all encryption strengths. Please contact your sales representative or distributor for more information, or e-mail export@cisco.com.

---

Table 2 lists new features and feature sets in Cisco IOS Release 12.4(6)XE.

The table uses the following conventions:

•Yes—The feature is supported in the software image.

•No—The feature is not supported in the software image.

---

Note These feature set tables contain only a selected list of features, which are cumulative for Release 12.4(6)nn early deployment releases only (nn identifies each early deployment release). The tables do not list all features in each image. Additional features are listed in the Cross-Platform Release Notes for Cisco IOS Release 12.4T documentation.

---

Table 2 New Feature List for Cisco 2800 Series Integrated Services Routers

Feature	In	Image
Cisco Cable Modem High-Speed WAN Interface Cards	Yes	All. See Table 1 for images.
H.323 to SIP Supplementary Feature Internetworking for Session Border Controller (SBC)

New and Changed Information

The following sections describe new features supported by Cisco 2800 series integrated access routers in Cisco IOS Release 12.4(6)XE.

New Hardware Features in Cisco IOS Release 12.4(6)XE

The following section describes new hardware features for Cisco 800 series routers in Cisco IOS Release 12.4(6)XE.

Cisco Cable Modem High-Speed WAN Interface Cards

Cisco cable modem HWICs are configured automatically by the network (in compliance with DOCSIS provisioning specifications). The configuration file is defined and generated by the cable service provider and delivered over the WAN/DOCSIS network through the radio frequency (RF) interface on the Cisco cable modem HWIC installed in the router. The HWIC provides a path from the router to the service provider network-based DHCP server for host address assignment on the Cisco cable modem HWIC and on the WAN interface of the router.

---

Note Cisco cable modem HWICs are fully DOCSIS 2.0 compliant. For DOCSIS 2.0 requirements, see the CableLabs website at the following URL:
http://www.cablemodem.com/specifications/specifications20.html

---

Cisco cable modem HWICs provide the following features and benefits when used in a full-featured enterprise router:

•Quality of service (QoS) upstream flow control, integrating DOCSIS QoS with Cisco IOS software QoS and packet cable multi-media (PCMM) architecture QoS with Cisco IOS software QoS

•Leveraging Cisco IOS software to deliver advanced network services and applications

•Compression and decompression algorithms (codecs)

For more information about the Cisco cable modem HWIC, see Cisco Cable Modem High-Speed WAN Interface Cards Configuration Guide.

For information about connecting Cisco interface cards, see Connecting Cisco Cable Modem High-Speed WAN Interface Cards.

New Software Features in Cisco IOS Release 12.4(6)XE

The following sections describe new software features supported on Cisco 2800 series integrated services routers in Cisco IOS Release12.4(6)XE.

H.323 to SIP Supplementary Feature Internetworking for Session Border Controller (SBC)

This feature provides enhanced termination and re-origination of signaling and media between VoIP and video networks in conformance with RFC3261.

New H.323-to-SIP features available include the following:

•Support H.323-to-SIP Supplementary services for Cisco Unified CallManager with MTP on the H.323 Trunk.

•ILBC Codec Support

•Interworking between G.711 inband DTMF to RFC2833

•VXML 3.x support

•VXML support with SIP Notify

•New SIP-to-SIP features available include:

•Interworking between G.711 inband DTMF to RFC2833

For more information about this feature, see the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/vvfax_c/callc_c/h323_c/ipipgw/index.htm

New Software Features in Cisco IOS Release 12.4T

For information regarding the features supported in Cisco IOS Release 12.4T, see the Cross-Platform Release Notes and New Feature Documentation links at the following location on Cisco.com:

http://www.cisco.com/en/US/products/sw/iosswrel/tsd_products_support_category_home.html 

or point your web browser to Cisco.com and follow this path:

Technical Support & Documentation: Documentation: Cisco IOS Software: Cisco IOS Software Releases 12.4 T

Limitations and Restrictions

The Cisco IOS software version and feature set installed on the host router must be compatible with the cable modem HWIC.

Caveats

Caveats describe unexpected behavior or defects in Cisco IOS software releases. Severity 1 caveats are the most serious caveats, severity 2 caveats are less serious, and severity 3 caveats are the least serious of these three severity levels.

Caveats in Cisco IOS Release 12.4(6)T are also in Release 12.4(6)XE. For information on caveats in Cisco IOS Release 12.4T, see the Caveats for Cisco IOS Release 12.4T document. This document lists severity 1 and 2 caveats; the documents are located on Cisco.com.

---

Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Products and Services > Cisco IOS Software > Cisco IOS Software Releases 12.4 > Troubleshooting > Bug Toolkit. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.  (If the defect that you have requested cannot be displayed, this may be due to one or more of the following reasons: the defect number does not exist, the defect does not have a customer-visible description yet, or the defect has been marked Cisco Confidential.)  

---

This section contains the following caveat information:

•Resolved Caveats - Cisco IOS Release 12.4(6)XE3

•Resolved Caveats - Cisco IOS Release 12.4(6)XE2

•Resolved Caveats - Cisco IOS Release 12.4(6)XE1

•Special Caveats and Updates, page 9

Resolved Caveats - Cisco IOS Release 12.4(6)XE3

CSCec12299

Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.

Workarounds are available to help mitigate this vulnerability.

This issue is triggered by a logic error when processing extended communities on the PE device. This issue cannot be deterministically exploited by an attacker.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.

CSCse24889  Malformed SSH version 2 packets may cause processor memory depletion

Symptom    Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.

Conditions   This symptom is observed on a Cisco platform that is configured for SSH version 2 after it has received malformed SSHv2 packets.

Workaround   As an interim solution until the affected platform can be upgraded to a Cisco IOS software image that contains the fix for caveat CSCse24889, configure SSH version 1 from the global configuration mode, as in the following example:

config t

ip ssh version 1

end

Alternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:

10.1.1.0/24 is a trusted network that

is permitted access to the router, all

other access is denied

access-list 99 permit 10.1.1.0 0.0.0.255

access-list 99 deny any

line vty 0 4

access-class 99 in

end

Further Problem Description: For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter

For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document: http://www.cisco.com/warp/public/707/ssh.shtml

CSCse05736  A router running RCP can be reloaded with a specific packet

Symptom    A router that is running RCP can be reloaded by a specific packet.

Conditions   This symptom is seen under the following conditions:

•The router must have RCP enabled.

•The packet must come from the source address of the designated system configured to send RCP packets to the router.

•The packet must have a specific data content.

Workaround   Put access lists on the edge of your network blocking RCP packets to prevent spoofed RSH packets. Use another protocol such as SCP. Use VTY ACLs.

CSCsd92405  router crashed by repeated SSL connection with malformed finished 
message

Cisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device.

These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. Cisco IOS is affected by the following vulnerabilities:

•Processing ClientHello messages, documented as Cisco bug ID CSCsb12598

•Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304

•Processing Finished messages, documented as Cisco bug ID CSCsd92405

Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

---

Note Another related advisory has been posted with this advisory. This additional advisory also describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml

---

A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007.

This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.

CSCsd85587  7200 Router crashes with ISAKMP Codenomicon test suite

A vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).

Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device.

These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. The vulnerable cryptographic library is used in the following Cisco products:

•Cisco IOS, documented as Cisco bug ID CSCsd85587

•Cisco IOS XR, documented as Cisco bug ID CSCsg41084

•Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999

•Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348

•Cisco Firewall Service Module CSCsi97695

This vulnerability is also being tracked by CERT/CC as VU#754281. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml .

---

Note Note: Another related advisory is posted together with this Advisory. It also describes vulnerabilities related to cryptography that affect Cisco IOS.

---

A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle. shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007.

The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml

CSCse83555  Cisco IOS pauses indefinitely with a malformed ISAKMP message

Symptom    Cisco IOS pauses indefinitely or reloads unexpectedly with malformed ISAKMP messages.

Conditions   This problem affects the following IOS releases:

•12.4(8), 12.4(8a), and 12.4(8b)

•12.4(9)T, and 12.4(9)T1

•12.4(6)XE and 12.4(6)XE1

•12.4(9)MR

•12.4(9)XG

The IOS device must be configured to process IKE messages (which is the default), and must receive a malformed IKE message from a peer with valid credentials.

Workaround   There are no workarounds.

Further Information:    The crash occurs in Quick Mode which means that phase 1 must have been completed, which requires knowledge of the pre-shared key or having a valid certificate (depending on IKE phase 1 configuration.)

CSCsg03449  Etherswitch module VLAN Trunking Protocol Vulnerabilities

Symptom   

•VTP Version field DoS

•Integer Wrap in VTP revision

•Buffer Overflow in VTP VLAN name

Conditions   The packets must be received on a trunk enabled port.

Further Information:   On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:

•VTP Version field DoS

•Integer Wrap in VTP revision

•Buffer Overflow in VTP VLAN name

These vulnerabilities are addressed by Cisco IDs:

•CSCsd34759 -- VTP version field DoS

•CSCse47765 -- Integer Wrap in VTP revision

•CSCei54611 -- Buffer Overflow in VTP VLAN name

•CSCsg03449 -- Etherswitch module VLAN Trunking Protocol Vulnerabilities

Cisco's statement and further information are available on the Cisco public website at:

http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml

CSCsh58082  SIP: A router may reload due to SIP traffic

Symptom    Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP.

There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.

Workaround   Workarounds exist to mitigate the effects of this problem on devices which do not require SIP.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.

CSCsg15598  DYIDS: Fragmentation prevents signature recognition

The Intrusion Prevention System (IPS) feature set of Cisco IOS® contains several vulnerabilities. These include:

•Fragmented IP packets may be used to evade signature inspection.

•IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash resulting in a denial of service.

There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.

This advisory is posted at: http://www.cisco.com/en/US/products/products_security_advisory09186a00807e0a5b.shtml

CSCsg40567 Memory leak found with malformed tls/ssl packets in http core process

Symptom    Malformed SSL packets may cause a router to leak multiple memory blocks.

Conditions   This symptom is observed on a Cisco router that has the ip http secure server command enabled.

Workaround   Disable the ip http secure server command.

CSCse56501

A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.

Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.

CSCsg16908 IOS FTP Server Deprecation

Multiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's file system, including the device's saved configuration, which may include passwords or other sensitive information.

The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.

This vulnerability does not apply to the IOS FTP Client feature.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.

CSCsi01470

A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.

CSCsi84017  c2600 router hangs during reload

Symptom    When you reload a Cisco 2600 series, the router may hang.

Conditions   This symptom is observed on a Cisco 2600 series when you attempt to run the c2600-entservices-mz image of Cisco IOS Release 12.4(9)T4. The symptom may also occur in other releases.

Workaround   There is no workaround.

CSCsi09530 CME SIP phone failed to register because of authenticate register

Symptom    If the authenticate register command is configured under the voice register global command, CME SIP failed to registered.

Conditions   The authenticate register command is configured under the voice register global command when CME is acting as a registrar.

Workaround   Disable the authenticate register command under the voice register global command.

Further Problem Description:    In registrar functionality, CME challenges an inbound register request with a 401 response. If the authenticate register command is configured under the voice register global command, the Registering Endpoint then ends a Register Request with Credentials. The Gateway Stack is not processing this request and is dropping it.

CSCsf07847 cdp may fail to discover neighbor information in releases with 
CSCse85200

Symptom    Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.

Conditions   This issue occurs in IOS images that has the fix for CSCse85200.

Workaround   Disable CDP on interfaces where CDP is not required.

Further Problem Description:    Because CDP is a Layer-2 protocol, the symptom can only be triggered by routers that reside on the same network segment.

CSCsj32707 GW rejects SIP UPDATE with Cseq 0

Symptom    A "SIP UPDATE" message from a Cisco CallManager or SIP Proxy Server with a "Cseq" value of 0 may be rejaected or considered invalid by A Cisco gateway.

Conditions   This symptom is observed on a Cisco gateway that runs Cisco IOS Release 12.4(9)T4 or a later release and that is connected to a SIP endpoint.

Workaround   There is no workaround. Note that the symptom does not occur in Release 12.4(9)T3.

CSCsj44081 Improvements in diagnostics and instrumentation 

Cisco IOS Software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS Software releases published after April 5, 2007.

Details:    With the new enhancement in place, IOS will emit a %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.

The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp

May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy error 

The error message is then followed by a traceback.

It is important to note that this error message does not imply that packet data is being corrupted. It does, however provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.

Recommended Action    Collect "show tech-support" command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the %DATACORRUPTION-1-DATAINCONSISTENCY message and note those to your support contact.

•CSCsh53643 mbar/isync compiler automation

•CSCsh77241 Reverting the compliler back to c2.95.3-plib

•CSCsh75069 Input Queue Wedge with UDP Echo packets

•CSCsh87705 GCC compiler modifications

•CSCsh87711

•CSCsh87715

•CSCsh23148 c32xx MMU mapping refinements

•CSCek56536 memory leak under simpleudpfuzz attack for port 500

•CSCsh15703 c815 and c1700 MMU mapping refinement

•CSCsh20392 vg200 and c2600 MMU mapping refinements

•CSCsh46705 Remove unused func declaration of vtsp_tsp_call_disconnect_ind_rawsignal

•CSCek66935 migrate autobahn76 to c2.95.3-p11c compiler

•CSCej53426 miata6 gcc.c3.4.3 rollout: compiler versioning infrastructure

Resolved Caveats - Cisco IOS Release 12.4(6)XE2

CSCsf04754: Two authentication vulnerabilities in SNMPv3 feature

Symptom    Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities.

Workaround   Workarounds are available for mitigating the impact of the vulnerabilities described in this document. The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability Note VU#878044 to these vulnerabilities. Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to these vulnerabilities. This advisory will be posted at
http://www.cisco.com/en/US/products/products_security_advisory09186a00809ac83b.shtml

CSCse06975: Traceback at pak_copy_contiguous_to_contiguous when testing multicast

Symptom    VoIP LMR multicast capability does not work on network module NM-HD-2V with E&M.

Workaround   There is no workaround.

CSCse15025: Intermittent analog/cas voice port lockup or robotic voice

Symptom    An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.

Conditions   This symptom is observed on a Cisco 2800 series and Cisco 3800 series that function as gateways with analog or digital CAS ports that use PVDM2 DSP modules.

When this problem occurs, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.

Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.

If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCse15025). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.

When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41, and 42 is presented and some of the registers show double- octet information.

When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port- number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register.

Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.

Further Problem Description: The changes in CSCse15025 includes changes in CSCsc11833 and CScsd90851. These changes have been shown to help mitigate this problem in the majority of cases.

There is a further detection and reset mechanism in CSCse15025 that will recover the DSP which is in this state. This mechanism will trigger immediately if the impacted voice port is an analog FXO port. For other voice ports, a delay in the detection will be present and it is possible to see the symptom of this problem before the recovery code triggers.

Note that the reset mechanism will cause any active calls utilizing the DSP in question to be dropped. It is recommended if running with modules which can be impacted by this issue to upgrade to a release of software which contains the changes in CSCse15025.

If the DSP is reset and the below output is seen, contact the TAC for further assistance. Note that this output is sent at debug level and it is recommended to enable either syslog or logging buffered on the gateway.

Logging buffered on the gateway is enabled through the global command logging buffered 50000 debug as an example to set the logging buffered to use 50K bytes of processor memory for logging. The output of the log can be seen with the exec command show log.

CSCse27845: One way voice after ringing pickup of transferred at-alert call

Symptom    One-way voice.

Conditions   Ephones A, B, and C are on the same CME. A calls B. B does an at-alert transfer to C. While C is ringing, B does a ringing pickup on C's extension. One way voice results with B being unable to hear A.

Workaround   There is no workaround.

CSCse29031: H323-H323 slow start flow around support on IPIPGW in H245 passthru 
mode

Symptom    No support for media flow-around in h245 passthru mode.

Workaround   There is no workaround.

CSCse47728: Path confirmation failures with VoAAL2 traffic

Symptom    Path confirmation failures seen with Voice over ATM traffic.

Workaround   There is no workaround.

CSCse60762: Traceback seen at gk_endpt_global_queue_remove

Symptom    Traceback seen on the gatekeeper while deleting endpoint max-calls CLI.

Workaround   There is no workaround.

CSCse66125: Call-waiting ring in ephone-dn-template fails to hold configuration

Symptom    When trying to configure call-waiting ring on a ephone-dn x, the configuration is accepted, but cannot be seen in the configuration in show running.

Workaround   There is no workaround.

CSCse68138: Handle fragmented packets in VOIP RTP Lib

Symptom    Router may reload due to fragmented RTP packets. This is a platform independent problem.

Conditions   Its likely to happen in networks where VOIP is one of applications and one more segments of network are using low MTU.

Workaround   There is no workaround.

CSCse72236: OLC carried ipipgw ip address in flow-around mode for h323-h323 ss call

Symptoms: In H323-H323 Slow Start Flow-around mode. OLC and OLC ACK should carried the remote's ip address and media port info. But on haw_t, ipipgw's ip address is used in one of the OLC message toward to the remote GW. This is not correct.

Conditions: The flow-around call is still OK since the OLC ACK carried the correct info.

Workaround   There is no workaround.

CSCse75014: CME/SRST not able to make calls to Unity VM

Symptom    CME/SRST Not able to make calls to Unity VM.VM port DN is not coming to "Idle" state after restarting Unity.

Workaround   There is no workaround.

CSCse96018: Three-party conference fails to continue

Symptom    Analog phones connected to the Cisco VG224 voice gateway can establish a three-party conference. After establishing the three-party conference, it is not sustained, the Cisco VG224 phone is fed with re-order tone.

Conditions   This has been seen when the other two parties of the three-party conference are SIP IP phones.

Workaround   There is no workaround.

Resolved Caveats - Cisco IOS Release 12.4(6)XE1

CSCek39526: Router crashed @ tagsw_tfib_rewrite_print when show ipv6 cef int

CSCek45222: QOS service-policy commaand no longer available for vlan interface

CSCek45370: Ping fail from Ipanema FIO PRI interface

CSCse56129: VG224 erroneously triggers hookflash during CME call pickup interaction

CSCse59347: Cme/srst ip phone unregister does not down the virtual POTS peers

CSCse68355: Router crashed by single SIP invite packet

Special Caveats and Updates

SIP Bugs in 12.4(6)XE

•CSCeb21064

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCej20505

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsb24007

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsc60249

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsd81407

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCse05642

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCse40276

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCse68138

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCse68355

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsf08998

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsf11855

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsf30058

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsg70474

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsi60004

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

•CSCsi80749

Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:

–Session Initiation Protocol (SIP)

–Media Gateway Control Protocol (MGCP)

–Signaling protocols H.323, H.254

–Real-time Transport Protocol (RTP)

–Facsimile reception

Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.

There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.

This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

NHRP Bugs in IP Routing Protocols

•CSCin95836

The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.

NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.

NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.

NHRP is not enabled by default for Cisco IOS.

This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

SCP Bugs in 12.4(6)XE

•CSCsc19259

The server side of the Secure Copy (SCP) implementation in Cisco IOS contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.

The Cisco IOS Secure Copy Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the Cisco IOS Secure Copy Server service are not affected by this vulnerability.

This vulnerability does not apply to the Cisco IOS Secure Copy Client feature.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml.

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

IPv6 Bugs in 12.4(6)XE

•CSCef77013

Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.

Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at

http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.

Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:

Cisco IOS Information Leakage Using IPv6 Routing Header

–http://www.cisco.com/en/US/products/products_security_advisory09186a0080899647.shtml

Cisco IOS Next Hop Resolution Protocol Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml

Cisco IOS Secure Copy Authorization Bypass Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml

Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager

–http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml

Cisco Unified MeetingPlace XSS Vulnerability

–http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml

Related Documentation

The following sections describe the documentation available for the Cisco 2800 series integrated services routers. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available in PDF or HTML format.

Use these release notes with the documents listed in the following sections:

•Release-Specific Documents

•Platform-Specific Documents

Release-Specific Documents

The following documents are specific to Release 12.4T and apply to 12.4(6)XE. They are located on Cisco.com:

•Cross-Platform Release Notes for Cisco IOS Release 12.4T

On Cisco.com at:

Technical Documents: Cisco IOS Software: Cisco IOS Release 12.4: Release Notes

•To reach product bulletins, field notices, and other release-specific documents, follow this path:

Technical Documents: Product Bulletins 

•To reach the Caveats for Cisco IOS Release 12.4 document, which contain caveats applicable to all platforms for all maintenance releases of Release 12.4, follow this path:

Technical Documents: Cisco IOS Software: Release 12.4: Caveats 

---

Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Technical Assistance Center: Tool Index: Bug Toolkit. Another option is to go to the following URL: http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.   

---

Platform-Specific Documents

Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 2800 series integrated services routers are available on Cisco.com at the following location:

http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html

This URL is subject to change without notice. If it changes, point your web browser to Cisco.com, and follow this path:

Technical Support & Documentation: Documentation: Routers: <platform_name>

Feature Navigator

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS and Catalyst OS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Cisco IOS Software Documentation Set

The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents that are shipped with your order in electronic form.

Documentation Modules

Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. The Cisco IOS software documentation set is available on Cisco.com in PDF or HTML format.

On Cisco.com:

Products & Services: IOS Software: Cisco IOS Software Releases 12.4 Mainline: Technical Documentation: Master Indices

Release 12.4 Documentation Set

Table 3 describes the contents of the Cisco IOS Release 12.4 software documentation set, which is available in electronic form.

---

Note You can find the most current Cisco IOS documentation on Cisco.com in html or pdf format.

---

---

Note Some aspects of the complete Cisco IOS Release 12.4 software documentation set might not apply to the platforms in this release note.

---

Table 3 Cisco IOS Release 12.4 Documentation Set  

Books	Major Topics
•Cisco IOS Configuration Fundamentals Configuration Guide •Cisco IOS Configuration Fundamentals Command Reference	Cisco IOS User Interfaces File Management System Management
•Cisco IOS Bridging and IBM Networking Configuration Guide •Cisco IOS Bridging and IBM Networking Command Reference, Volume 1 of 2 •Cisco IOS Bridging and IBM Networking Command Reference, Volume 2 of 2	Transparent Bridging SRB Token Ring Inter-Switch Link Token Ring Route Switch Module RSRB DLSW+ Serial Tunnel and Block Serial Tunnel LLC2 and SDLC IBM Network Media Translation SNA Frame Relay Access NCIA Client/Server Airline Product Set DSPU and SNA Service Point SNA Switching Services Cisco Transaction Connection Cisco Mainframe Channel Connection CLAW and TCP/IP Offload CSNA, CMPC, and CMPC+ TN3270 Server
•Cisco IOS Dial Technologies Configuration Guide: Dial Access •Cisco IOS Dial Technologies Configuration Guide: Large-Scale Dial Applications •Cisco IOS Dial Technologies Command Reference, Volume 1 of 2 •Cisco IOS Dial Technologies Command Reference, Volume 2 of 2	Dial Access Modem and Dial Shelf Configuration and Management ISDN Configuration Signaling Configuration Point-to-Point Protocols Dial-on-Demand Routing Dial Backup Dial Related Addressing Service Network Access Solutions Large-Scale Dial Solutions Cost-Control Solutions Internetworking Dial Access Scenarios
•Cisco IOS Interface Configuration Guide •Cisco IOS Interface Command Reference	LAN Interfaces Serial Interfaces Logical Interfaces
•Cisco IOS IP Configuration Guide •Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services •Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols •Cisco IOS IP Command Reference, Volume 3 of 3: Multicast	IP Addressing IP Services IP Routing Protocols IP Multicast
•Cisco IOS AppleTalk and Novell IPX Configuration Guide •Cisco IOS AppleTalk and Novell IPX Command Reference	AppleTalk Novell IPX
•Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Configuration Guide •Cisco IOS Apollo Domain, Banyan VINES, DECnet, ISO CLNS, and XNS Command Reference	Apollo Domain Banyan VINES DECnet ISO CLNS XNS
•Cisco IOS Voice, Video, and Fax Configuration Guide •Cisco IOS Voice, Video, and Fax Command Reference	Voice over IP Call Control Signaling Voice over Frame Relay Voice over ATM Telephony Applications Trunk Management Fax, Video, and Modem Support
•Cisco IOS Quality of Service Solutions Configuration Guide •Cisco IOS Quality of Service Solutions Command Reference	Packet Classification Congestion Management Congestion Avoidance Policing and Shaping Signaling Link Efficiency Mechanisms
•Cisco IOS Security Configuration Guide •Cisco IOS Security Command Reference	AAA Security Services Security Server Protocols Traffic Filtering and Firewalls IP Security and Encryption Passwords and Privileges Neighbor Router Authentication IP Security Options Supported AV Pairs
•Cisco IOS Switching Services Configuration Guide •Cisco IOS Switching Services Command Reference	Cisco IOS Switching Paths NetFlow Switching Multiprotocol Label Switching Multilayer Switching Multicast Distributed Switching Virtual LANs LAN Emulation
•Cisco IOS Wide-Area Networking Configuration Guide •Cisco IOS Wide-Area Networking Command Reference	ATM Frame Relay SMDS X.25 and LAPB
•Cisco IOS Mobile Wireless Configuration Guide •Cisco IOS Mobile Wireless Command Reference	General Packet Radio Service
•Cisco IOS Terminal Services Configuration Guide •Cisco IOS Terminal Services Command Reference	ARA LAT NASI Telnet TN3270 XRemote X.28 PAD Protocol Translation
•Cisco IOS Configuration Guide Master Index •Cisco IOS Command Reference Master Index •Cisco IOS Debug Command Reference •Cisco IOS Software System Error Messages •New Features in 12.4-Based Limited Lifetime Releases •New Features in Release 12.4T •Release Notes (Release note and caveat documentation for 12.4-based releases and various platforms)

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Cisco.com

You can access the most current Cisco documentation at this URL:

http://www.cisco.com/techsupport

You can access the Cisco website at this URL:

http://www.cisco.com

You can access international Cisco websites at this URL:

http://www.cisco.com/public/countries_languages.shtml

Product Documentation DVD

The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have pdf versions of the documentation available.

The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Ordering Documentation

Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:

http://www.cisco.com/go/marketplace/

Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.

Documentation Feedback

You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.

You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Cisco Product Security Overview

Cisco provides a free online Security Vulnerability Policy portal at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

From this site, you will find information about how to:

•Report security vulnerabilities in Cisco products.

•Obtain assistance with security incidents that involve Cisco products.

•Register to receive security information from Cisco.

A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:

http://www.cisco.com/go/psirt

To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:

http://www.cisco.com/en/US/products/products_psirt_rss_feed.html

Reporting Security Problems in Cisco Products

Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:

•For Emergencies only — security-alert@cisco.com

An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered non emergencies.

•For Non emergencies — psirt@cisco.com

In an emergency, you can also reach PSIRT by telephone:

•1 877 228-7302

•1 408 525-6532

---

Tip We encourage you to use Pretty Good Privacy (PGP) or a compatible product (for example, GnuPG) to encrypt any sensitive information that you send to Cisco. PSIRT can work with information that has been encrypted with PGP versions 2.x through 9.x.

Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:

http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

The link on this page has the current PGP key ID in use.

If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.

---

Obtaining Technical Assistance

Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.

Cisco Technical Support & Documentation Website

The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:

http://www.cisco.com/techsupport

Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:

http://tools.cisco.com/RPF/register/register.do

---

Note Use the Cisco Product Identification (CPI) tool to locate your product serial number before submitting a web or phone request for service. You can access the CPI tool from the Cisco Technical Support & Documentation website by clicking the Tools & Resources link under Documentation & Tools. Choose Cisco Product Identification Tool from the Alphabetical Index drop-down list, or click the Cisco Product Identification Tool link under Alerts & RMAs. The CPI tool offers three search options: by product ID or model name; by tree view; or for certain products, by copying and pasting show command output. Search results show an illustration of your product with the serial number label location highlighted. Locate the serial number label on your product and record the information before placing a service call.

---

Submitting a Service Request

Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:

http://www.cisco.com/techsupport/servicerequest

For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.

To open a service request by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete list of Cisco TAC contacts, go to this URL:

http://www.cisco.com/techsupport/contacts

Definitions of Service Request Severity

To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.

Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

•The Cisco Product Quick Reference Guide is a handy, compact reference tool that includes brief product overviews, key features, sample part numbers, and abbreviated technical specifications for many Cisco products that are sold through channel partners. It is updated twice a year and includes the latest Cisco offerings. To order and find out more about the Cisco Product Quick Reference Guide, go to this URL:

http://www.cisco.com/go/guide

•Cisco Marketplace provides a variety of Cisco books, reference guides, documentation, and logo merchandise. Visit Cisco Marketplace, the company store, at this URL:

http://www.cisco.com/go/marketplace/

•Cisco Press publishes a wide range of general networking, training and certification titles. Both new and experienced users will benefit from these publications. For current Cisco Press titles and other information, go to Cisco Press at this URL:

http://www.ciscopress.com

•Packet magazine is the Cisco Systems technical user magazine for maximizing Internet and networking investments. Each quarter, Packet delivers coverage of the latest industry trends, technology breakthroughs, and Cisco products and solutions, as well as network deployment and troubleshooting tips, configuration examples, customer case studies, certification and training information, and links to scores of in-depth online resources. You can access Packet magazine at this URL:

http://www.cisco.com/packet

•iQ Magazine is the quarterly publication from Cisco Systems designed to help growing companies learn how they can use technology to increase revenue, streamline their business, and expand services. The publication identifies the challenges facing these companies and the technologies to help solve them, using real-world case studies and business strategies to help readers make sound technology investment decisions.

•Internet Protocol Journal is a quarterly journal published by Cisco Systems for engineering professionals involved in designing, developing, and operating public and private internets and intranets. You can access the Internet Protocol Journal at this URL:

http://www.cisco.com/ipj

•Networking products offered by Cisco Systems, as well as customer support services, can be obtained at this URL:

http://www.cisco.com/en/US/products/index.html

•Networking Professionals Connection is an interactive website for networking professionals to share questions, suggestions, and information about networking products and technologies with Cisco experts and other networking professionals. Join a discussion at this URL:

http://www.cisco.com/discuss/networking

•World-class networking training is available from Cisco. You can view current offerings at this URL:

http://www.cisco.com/en/US/learning/index.html

Open Source License Acknowledgements

The following notices pertain to this software license.

OpenSSL/Open SSL Project

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).

This product includes software written by Tim Hudson (tjh@cryptsoft.com).

License Issues

The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.

OpenSSL License:

Copyright © 1998-2007 The OpenSSL Project. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment:

"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).

Original SSLeay License:

Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.

This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).

The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).

Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement:

"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".

The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)".

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].

This document is to be used in conjunction with the documents listed in the "Related Documentation" section.

CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)

Copyright © 2005-2006, Cisco Systems, Inc. All rights reserved