Release Notes for the Cisco VG224 Analog Gateway for Cisco IOS Release 12.4(6)XE
Available Languages
Table Of Contents
Release Notes for the Cisco VG224 Analog Gateway for Cisco IOS Release 12.4(6)XE
Determining Your Software Release
Upgrading to a New Software Release
Determining Which Software Images (Feature Sets) Support a Specific Feature
Determining Which Features Are Supported in a Specific Software Image (Feature Set)
New Hardware and Software Features in Release 12.4(6)XE3
Resolved Caveats - Cisco IOS Release 12.4(6)XE3
Resolved Caveats - Cisco IOS Release 12.4(6)XE2
Resolved Caveats - Cisco IOS Release 12.4(6)EX1
NHRP Bugs in IP Routing Protocols
Cisco IOS Software Documentation Set
Obtaining Documentation, Obtaining Support, and Security Guidelines
Open Source License Acknowledgements
Release Notes for the Cisco VG224 Analog Gateway for Cisco IOS Release 12.4(6)XE
August 8, 2007Cisco IOS Release 12.4(6)XE3OL-11662-02 Third release
These release notes for the Cisco VG224 analog gateway describe the product-related enhancements provided in Cisco IOS Release 12.4(6)XE. These release notes are updated as needed.
For a list of the software caveats that apply to Cisco IOS Release 12.4(6)XE, see "Caveats" section. See also Caveats for Cisco IOS Release 12.4 T, which is updated for every maintenance release and is located on Cisco.com and the Documentation CD-ROM.
Use these release notes with Cross-Platform Release Notes for Cisco IOS Release 12.4 T located on Cisco.com and the Documentation CD-ROM.
Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/warp/customer/tech_tips/index/fn.html. If you do not have a Cisco.com login account, you can find field notices at http://www.cisco.com/warp/public/tech_tips/index/fn.html.
Contents
These release notes describe the following topics:
•
Obtaining Documentation, Obtaining Support, and Security Guidelines
•
Inheritance Information
Cisco IOS Release 12.4(6)XE, an early deployment release, is based on Cisco IOS Release 12.4(6)T, which in turn is based on Cisco IOS Release 12.4. Cisco IOS Release 12.4(6)T is the first early deployment maintenance release of Cisco IOS Release 12.4 T and is based on the mainline Cisco IOS Release 12.4. Refer to Table 1 for more information.
All features in Cisco IOS Release 12.4(6)T are in Cisco IOS Release 12.4(6)XE.
Table 1 References for the Cross-Platform Release Notes for Cisco IOS Release 12.4 T
•
•
To view information about the topics in the left-hand column, click Cross-Platform System Requirements at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124relnt/xprn124/124reqs.htm
•
•
•
To view information about the topics in the left-hand column for Cisco IOS Release 12.4 T, go to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124relnt/xprn124/124newf.htm
Scroll down and click New Software Features in Cisco IOS Release 12.4(6)T, or MIBs, or Important Notes.
•
•
•
To view information about the topics in the left-hand column, go to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124relnt/xprn124/124docs.htm
Introduction
Cisco IOS Release 12.4(6)XE supports the Cisco VG224 analog gateway.
The Cisco VG224 series is a family of analog gateways. The Cisco VG224 has 24-port FXS through an RJ-21 connector and two 10/100BaseT interfaces.
For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.4(6)XE, see "New and Changed Information" section.
Early Deployment Releases
These release notes describe Cisco IOS Release 12.4(6)XE for the Cisco VG224 analog gateway. Cisco IOS Release 12.4(6)XE is an early deployment (ED) release based on Release 12.4(6)T, which in turn is based on Cisco IOS Release 12.4. Early deployment releases contain fixes to software caveats as well as support for new Cisco hardware and software features. Feature support is cumulative from release to release, unless otherwise noted.
Table 2 lists new features supported by the Cisco VG224 analog gateway in Cisco IOS Release 12.4(6)XE. See "Inheritance Information" section for a list of the documentation specific to the Cisco VG224 analog gateway.
Table 2 Early Deployment Release New Features for the Cisco VG224 Analog Gateway
Availability12.4(6)XE
None
Cisco VG224
Yes
1 Only major features are listed.
2 MIB = Management Information Base
System Requirements
This section describes the system requirements for Cisco IOS Release 12.4(6)XE and includes the following sections:
•
•
Memory Recommendations
Table 3 lists the memory recommendations of the Cisco IOS feature sets for the Cisco VG224 analog gateway for Cisco IOS Release 12.4(6)XE.
The Cisco VG224 analog gateway is available with a 32-MB Flash memory card.
Supported Hardware
Cisco IOS Release 12.4(6)XE supports the following platforms:
•
For detailed descriptions of the new hardware features, see the "New and Changed Information" section.
For information about supported hardware for this platform and release, refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:
http://www.cisco.com/cgi-bin/front.x/Support/HWSWmatrix/hwswmatrix.cgi
Determining Your Software Release
To determine the version of Cisco IOS software running on the Cisco VG224 analog gateway, log in to the gateway and enter the show version EXEC command:
Router> show versionCisco IOS Software, vg224 Software (vg224-I6K9S-M), Version12.4(6)XE, RELEASE SOFTWARE (fc1)TAC Support: http://www.cisco.com/tacCopyright (c) 1986-2003 by Cisco Systems, Inc.Upgrading to a New Software Release
For general information about upgrading to a new software release, see Cisco IOS Upgrade Ordering Instructions located at: http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/957_pp.htm.
Feature Support
Cisco IOS software is packaged in feature sets that consist of software images that support specific platforms. The feature sets available for a specific platform depend on which Cisco IOS software images are included in a release. Each feature set contains a specific set of Cisco IOS features.
To improve the usability of the release notes documentation, Cisco IOS Release 12.4(6)XE release notes no longer contains the feature set tables. The feature-to-image mapping that was provided by the feature set tables is available through Cisco Feature Navigator.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or by feature set (software image). Under the release section, you can compare Cisco IOS software releases side by side to display both the features unique to each software release and the features that the releases have in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
For frequently asked questions about Cisco Feature Navigator, see the FAQs at the following URL:
http://www.cisco.com/support/FeatureNav/FNFAQ.html
Caution
Determining Which Software Images (Feature Sets) Support a Specific Feature
To determine which software images (feature sets) in Cisco IOS Release 12.4(6)XE support a specific feature, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:
Step 1
Step 2
Step 3
Note
Repeat this step to add additional features. You can choose a maximum of 20 features for a single search.
Step 4
Step 5
Step 6
Step 7
Determining Which Features Are Supported in a Specific Software Image (Feature Set)
To determine which features are supported in a specific software image (feature set) in Cisco IOS Release 12.4(6)XE, go to the Cisco Feature Navigator home page, enter your Cisco.com login, and perform the following steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
New and Changed Information
The following sections list the new hardware products and software features supported by the Cisco VG224 analog gateway in Cisco IOS Release 12.4(6)XE.
New Hardware and Software Features in Release 12.4(6)XE3
No new hardware products or software features are supported in Cisco IOS Release 12.4(6)XE3.
Limitations and Restrictions
Refer to each feature for individual limitations and restrictions.
Current MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Supported MIBs
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
Field Notices and Bulletins
•
•
•
Caveats
Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious caveats; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only selected severity 3 caveats are included in the caveats document.
This section contains open and resolved caveats for the current Cisco IOS maintenance release.
All caveats in Cisco IOS Release 12.4 and Cisco IOS Release 12.4 T are also in Cisco IOS Release 12.4(6)XE.
For information on caveats in Cisco IOS Release 12.4 and Cisco IOS Release 12.4 T, see Caveats for Cisco IOS Release 12.4 T. These documents lists severity 1 and severity 2 caveats and only selected severity 3 caveats, and are located on Cisco.com and the Documentation CD-ROM.
Caveat numbers and brief descriptions for Release 12.4(6)XE are listed in this section.
Note
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
This section contains the following caveat information:
•
•
•
Resolved Caveats - Cisco IOS Release 12.4(6)XE3
CSCec12299Devices running Cisco IOS versions 12.0S, 12.2, 12.3 or 12.4 and configured for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) or VPN Routing and Forwarding Lite (VRF Lite) and using Border Gateway Protocol (BGP) between Customer Edge (CE) and Provider Edge (PE) devices may permit information to propagate between VPNs.
Workarounds are available to help mitigate this vulnerability.
This issue is triggered by a logic error when processing extended communities on the PE device. This issue cannot be deterministically exploited by an attacker.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml.
CSCse56501A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability an offending IPv6 packet must be targeted to the device. Packets that are routed throughout the router can not trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is Resource Reservation Protocol (RSVP) service, which if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected.
Cisco is providing fixed software to address this issue. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-IPv4IPv6.shtml.
CSCse24889 Malformed SSH version 2 packets may cause processor memory depletionSymptom Malformed SSH version 2 packets may cause a memory leak, causing the platform to operate under a degraded condition. Under rare circumstances, the platform may reload to recover itself.
Conditions
Workaround
config tip ssh version 1endAlternate Workaround: Permit only known trusted hosts and/or networks to connect to the router by creating a vty access list, as in the following example:
10.1.1.0/24 is a trusted network thatis permitted access to the router, allother access is deniedaccess-list 99 permit 10.1.1.0 0.0.0.255access-list 99 deny anyline vty 0 4access-class 99 inendFurther Problem Description: For information about configuring vty access lists, see the Controlling Access to a Virtual Terminal Line document: http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter
For information about SSH, see the Configuring Secure Shell on Routers and Switches Running Cisco IOS document: http://www.cisco.com/warp/public/707/ssh.shtml
CSCse05736 A router running RCP can be reloaded with a specific packetSymptom A router that is running RCP can be reloaded by a specific packet.
Conditions
•
•
•
Workaround
CSCsd92405 router crashed by repeated SSL connection with malformed finished messageCisco IOS device may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device.
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device.
These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. Cisco IOS is affected by the following vulnerabilities:
•
•
•
Cisco has made free software available to address these vulnerabilities for affected customers. There are workarounds available to mitigate the effects of these vulnerabilities. This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
Note
A combined software table for Cisco IOS is available to aid customers in choosing a software releases that fixes all security vulnerabilities published as of May 22, 2007.
This software table is available at the following link: http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
CSCsd85587 7200 Router crashes with ISAKMP Codenomicon test suiteA vulnerability has been discovered in a third party cryptographic library which is used by a number of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials (such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained Denial-of-Service (DoS); however, vulnerabilities are not known to compromise either the confidentiality or integrity of the data or the device.
These vulnerabilities are not believed to allow an attacker will not be able to decrypt any previously encrypted information. The vulnerable cryptographic library is used in the following Cisco products:
•
•
•
•
•
This vulnerability is also being tracked by CERT/CC as VU#754281. Cisco has made free software available to address this vulnerability for affected customers. There are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml .
Note
A combined software table for Cisco IOS only is available at http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle. shtml and can be used to choose a software release which fixes all security vulnerabilities published as of May 22, 2007.
The related advisory is published at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml
CSCse83555 Cisco IOS pauses indefinitely with a malformed ISAKMP messageSymptom Cisco IOS pauses indefinitely or reloads unexpectedly with malformed ISAKMP messages.
Conditions
•
•
•
•
•
The IOS device must be configured to process IKE messages (which is the default), and must receive a malformed IKE message from a peer with valid credentials.
Workaround
Further Information: The crash occurs in Quick Mode which means that phase 1 must have been completed, which requires knowledge of the pre-shared key or having a valid certificate (depending on IKE phase 1 configuration.)
CSCsg03449 Etherswitch module VLAN Trunking Protocol VulnerabilitiesSymptom
•
•
•
Conditions
Further Information: On the 13th September 2006, Phenoelit Group posted an advisory containing three vulnerabilities:
•
•
•
These vulnerabilities are addressed by Cisco IDs:
•
•
•
•
Cisco's statement and further information are available on the Cisco public website at:
http://www.cisco.com/warp/public/707/cisco-sr-20060913-vtp.shtml
CSCsh58082 SIP: A router may reload due to SIP trafficSymptom Cisco devices running an affected version of Internetwork Operating System (IOS) which supports Session Initiation Protocol (SIP) are affected by a vulnerability that may lead to a reload of the device when receiving a specific series of packets destined to port 5060. This issue is compounded by a related bug which allows traffic to TCP 5060 and UDP port 5060 on devices not configured for SIP.
There are no known instances of intentional exploitation of this issue. However, Cisco has observed data streams that appear to be unintentionally triggering the vulnerability.
Workaround
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070131-sip.shtml.
CSCsg15598 DYIDS: Fragmentation prevents signature recognitionThe Intrusion Prevention System (IPS) feature set of Cisco IOS® contains several vulnerabilities. These include:
•
•
There are mitigations and workarounds for these vulnerabilities. Cisco has made free software available to address these vulnerabilities for affected customers.
This advisory is posted at: http://www.cisco.com/warp/public/707/cisco-sa-20070213-iosips.shtml
CSCsg40567 Memory leak found with malformed tls/ssl packets in http core processSymptom Malformed SSL packets may cause a router to leak multiple memory blocks.
Conditions
Workaround
CSCsg16908 IOS FTP Server DeprecationMultiple vulnerabilities exist in the Cisco IOS File Transfer Protocol (FTP) Server feature. These vulnerabilities include Denial of Service, improper verification of user credentials and the ability to read or write any file in the device's file system, including the device's saved configuration, which may include passwords or other sensitive information.
The IOS FTP Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the IOS FTP Server service are unaffected by these vulnerabilities.
This vulnerability does not apply to the IOS FTP Client feature.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml.
CSCsi01470A vulnerability in the Cisco implementation of Multicast Virtual Private Network (MVPN) is subject to exploitation that can allow a malicious user to create extra multicast states on the core routers or receive multicast traffic from other Multiprotocol Label Switching (MPLS) based Virtual Private Networks (VPN) by sending specially crafted messages.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20080326-mvpn.shtml.
CSCsi84017 c2600 router hangs during reloadSymptom When you reload a Cisco 2600 series, the router may hang.
Conditions
Workaround
CSCsi09530 CME SIP phone failed to register because of authenticate registerSymptom If the authenticate register command is configured under the voice register global command, CME SIP failed to registered.
Conditions
Workaround
Further Problem Description: In registrar functionality, CME challenges an inbound register request with a 401 response. If the authenticate register command is configured under the voice register global command, the Registering Endpoint then ends a Register Request with Credentials. The Gateway Stack is not processing this request and is dropping it.
CSCsf07847 cdp may fail to discover neighbor information in releases with CSCse85200Symptom Specifically crafted CDP packets can cause a router to allocate and keep extra memory. Exploitation of this behavior by sending multiple specifically crafted CDP packets could cause memory allocation problems on the router.
Conditions
Workaround
Further Problem Description: Because CDP is a Layer-2 protocol, the symptom can only be triggered by routers that reside on the same network segment.
CSCsj32707 GW rejects SIP UPDATE with Cseq 0Symptom A "SIP UPDATE" message from a Cisco CallManager or SIP Proxy Server with a "Cseq" value of 0 may be rejaected or considered invalid by A Cisco gateway.
Conditions
Workaround
CSCsj44081 Improvements in diagnostics and instrumentationCisco IOS Software has been enhanced with the introduction of additional software checks to signal improper use of internal data structures. This enhancement was introduced in select Cisco IOS Software releases published after April 5, 2007.
Details: With the new enhancement in place, IOS will emit a %DATACORRUPTION-1-DATAINCONSISTENCY error message whenever it detects an inconsistency in its internal data structures. This is a new error message. The following is an example.
The %DATACORRUPTION-1-DATAINCONSISTENCY error message is preceded by a timestamp
May 17 10:01:27.815 UTC: %DATACORRUPTION-1-DATAINCONSISTENCY: copy errorThe error message is then followed by a traceback.
It is important to note that this error message does not imply that packet data is being corrupted. It does, however provide an early indicator of other conditions that can eventually lead to poor system performance or an IOS restart.
Recommended Action Collect "show tech-support" command output and open a service request with the Technical Assistance Center (TAC) or designated support organization. Pay particular attention to any other error messages or error symptoms that accompany the %DATACORRUPTION-1-DATAINCONSISTENCY message and note those to your support contact.
•
•
•
•
•
•
•
•
•
•
•
•
•
Resolved Caveats - Cisco IOS Release 12.4(6)XE2
CSCsf04754: Two authentication vulnerabilities in SNMPv3 featureSymptom Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. These vulnerabilities could allow the disclosure of network information or may enable an attacker to perform configuration changes to vulnerable devices. The SNMP server is an optional service that is disabled by default. Only SNMPv3 is impacted by these vulnerabilities.
Workaround
CSCse06975: Traceback at pak_copy_contiguous_to_contiguous when testing multicastSymptom VoIP LMR multicast capability does not work on network module NM-HD-2V with E&M.
Workaround
CSCse15025: Intermittent analog/cas voice port lockup or robotic voiceSymptom An analog or digital CAS port enters a state in which inbound or outbound calls, or both, may no longer function through the port.
Conditions
When this problem occurs, it impacts multiple ports that share the same signaling DSP. The output of the show voice dsp signaling EXEC command shows which DSP is used by a port for signaling. The symptom may occur more often for ports that use DSP 1 on the PVDM2 module for signaling.
Because this issue impacts the signaling channels, it has been seen that calls either will not connect at all through impacted ports or in some cases when multiple simultaneous calls are present on adjacent voice ports/timeslots, the call may connect momentarily before being disconnected.
If a problem occurs only on a single voice port, there is another problem, not this caveat (CSCse15025). PRI/BRI calls are not affected because PRI/BRI does not utilize the DSP for signaling purposes.
When the symptom occurs with either a VIC2-xFXO or EVM DID/FXS module, enter the terminal monitor command followed by the test voice port port-number si-reg-read 39 1 command for one of the affected ports. The output typically should be a single octet value for register 39. When the symptom occurs, information for Registers 40, 41, and 42 is presented and some of the registers show double- octet information.
When the symptom occurs with FXS or analog E&M modules, enter the terminal monitor command followed by the test voice port port- number codec-debug 10 1 command for one of the affected ports. The output typically should be a single octet value for each register.
Workaround: There is no workaround to prevent the symptom from occurring. When the symptom has occurred, you must reload the gateway to restore proper operation.
Further Problem Description: The changes in CSCse15025 includes changes in CSCsc11833 and CScsd90851. These changes have been shown to help mitigate this problem in the majority of cases.
There is a further detection and reset mechanism in CSCse15025 that will recover the DSP which is in this state. This mechanism will trigger immediately if the impacted voice port is an analog FXO port. For other voice ports, a delay in the detection will be present and it is possible to see the symptom of this problem before the recovery code triggers.
Note that the reset mechanism will cause any active calls utilizing the DSP in question to be dropped. It is recommended if running with modules which can be impacted by this issue to upgrade to a release of software which contains the changes in CSCse15025.
If the DSP is reset and the below output is seen, contact the TAC for further assistance. Note that this output is sent at debug level and it is recommended to enable either syslog or logging buffered on the gateway.
Logging buffered on the gateway is enabled through the global command logging buffered 50000 debug as an example to set the logging buffered to use 50K bytes of processor memory for logging. The output of the log can be seen with the exec command show log.
CSCse27845: One way voice after ringing pickup of transferred at-alert callSymptom One-way voice.
Conditions
Workaround
CSCse29031: H323-H323 slow start flow around support on IPIPGW in H245 passthru modeSymptom No support for media flow-around in h245 passthru mode.
Workaround
CSCse47728: Path confirmation failures with VoAAL2 trafficSymptom Path confirmation failures seen with Voice over ATM traffic.
Workaround
CSCse60762: Traceback seen at gk_endpt_global_queue_removeSymptom Traceback seen on the gatekeeper while deleting endpoint max-calls CLI.
Workaround
CSCse66125: Call-waiting ring in ephone-dn-template fails to hold configurationSymptom When trying to configure call-waiting ring on a ephone-dn x, the configuration is accepted, but cannot be seen in the configuration in show running.
Workaround
CSCse68138: Handle fragmented packets in VOIP RTP LibSymptom Router may reload due to fragmented RTP packets. This is a platform independent problem.
Conditions
Workaround
CSCse72236: OLC carried ipipgw ip address in flow-around mode for h323-h323 ss callSymptom In H323-H323 Slow Start Flow-around mode. OLC and OLC ACK should carried the remote's ip address and media port info. But on haw_t, ipipgw's ip address is used in one of the OLC message toward to the remote GW. This is not correct.
Conditions
Workaround
CSCse75014: CME/SRST not able to make calls to Unity VMSymptom CME/SRST Not able to make calls to Unity VM.VM port DN is not coming to "Idle" state after restarting Unity.
Workaround
CSCse96018: Three-party conference fails to continueSymptom Analog phones connected to the Cisco VG224 voice gateway can establish a three-party conference. After establishing the three-party conference, it is not sustained, the Cisco VG224 phone is fed with re-order tone.
Conditions
Workaround
Resolved Caveats - Cisco IOS Release 12.4(6)EX1
CSCek39526: Router crashed @ tagsw_tfib_rewrite_print when show ipv6 cef int
CSCek45222: QOS service-policy commaand no longer available for vlan interface
CSCek45370: Ping fail from Ipanema FIO PRI interface
CSCse56129: VG224 erroneously triggers hookflash during CME call pickup interaction
CSCse59347: Cme/srst ip phone unregister does not down the virtual POTS peers
CSCse68355: Router crashed by single SIP invite packet
Special Caveats and Updates
SIP Bugs in 12.4(6)XE
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
•
Multiple voice-related vulnerabilities are identified in Cisco IOS software, one of which is also shared with Cisco Unified Communications Manager. These vulnerabilities pertain to the following protocols or features:
–
–
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. Fixed Cisco IOS software listed in the Software Versions and Fixes section contains fixes for all vulnerabilities mentioned in this advisory.
There are no workarounds available to mitigate the effects of any of the vulnerabilities apart from disabling the protocol or feature itself.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
NHRP Bugs in IP Routing Protocols
•
The Cisco Next Hop Resolution Protocol (NHRP) feature in Cisco IOS contains a vulnerability that can result in a restart of the device or possible remote code execution.
NHRP is a primary component of the Dynamic Multipoint Virtual Private Network (DMVPN) feature.
NHRP can operate in three ways: at the link layer (Layer 2), over Generic Routing Encapsulation (GRE) and multipoint GRE (mGRE) tunnels and directly on IP (IP protocol number 54). This vulnerability affects all three methods of operation.
NHRP is not enabled by default for Cisco IOS.
This vulnerability is addressed by Cisco bug IDs CSCin95836 for non-12.2 mainline releases and CSCsi23231 for 12.2 mainline releases.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-nhrp.shtml.
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
SCP Bugs in 12.4(6)XE
•
The server side of the Secure Copy (SCP) implementation in Cisco IOS contains a vulnerability that allows any valid user, regardless of privilege level, to transfer files to and from an IOS device that is configured to be a Secure Copy server. This vulnerability could allow valid users to retrieve or write to any file on the device's filesystem, including the device's saved configuration. This configuration file may include passwords or other sensitive information.
The Cisco IOS Secure Copy Server is an optional service that is disabled by default. Devices that are not specifically configured to enable the Cisco IOS Secure Copy Server service are not affected by this vulnerability.
This vulnerability does not apply to the Cisco IOS Secure Copy Client feature.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml.
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
IPv6 Bugs in 12.4(6)XE
•
Cisco IOS and Cisco IOS XR contain a vulnerability when processing specially crafted IPv6 packets with a Type 0 Routing Header present. Exploitation of this vulnerability can lead to information leakage on affected Cisco IOS and Cisco IOS XR devices, and may also result in a crash of the affected Cisco IOS device. Successful exploitation on an affected device running Cisco IOS XR will not result in a crash of the device itself, but may result in a crash of the IPv6 subsystem.
Cisco has made free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-IPv6-leak.shtml.
Please Note: The August 08, 2007 publication includes four Security Advisories and one Security Response. The Advisories all affect Cisco IOS, one additionally affects CuCM as well. Each Advisory lists the releases that correct the vulnerability described in the Advisory, and the Advisories also detail the releases that correct the vulnerabilities for all four Cisco IOS issues. Individual publication links are listed below:
Cisco IOS Information Leakage Using IPv6 Routing Header
–
Cisco IOS Next Hop Resolution Protocol Vulnerability
–
Cisco IOS Secure Copy Authorization Bypass Vulnerability
–
Voice Vulnerabilities in Cisco IOS and Cisco Unified Call Manager
–
Cisco Unified MeetingPlace XSS Vulnerability
–
Additional References
The following sections describe the documentation available for the Cisco VG224 analog gateway. Typically, these documents consist of hardware and software installation guides, Cisco IOS configuration and command references, system error messages, feature modules, and other documents. Documentation is available as printed manuals or electronic documents, except for feature modules, which are available online on Cisco.com in pdf or html form.
Use these release notes with the documents listed in the following sections:
Release-Specific Documents
The following documents are specific to Release 12.4 and apply to Cisco IOS Release 12.4(11)XJ. They are located on Cisco.com:
•
•
•
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco VG224 analog gateways are available on Cisco.com at the following location:
http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html
Feature Modules
Feature modules describe new features supported by Cisco IOS Release 12.4 and Cisco IOS Release 12.4(6)XE, and are updates to the Cisco IOS documentation set. A feature module consists of a brief overview of the feature, benefits, configuration tasks, and a command reference. As updates, the feature modules are available online only.
Cisco Feature Navigator
Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a particular set of features and which features are supported in a particular Cisco IOS image. Cisco Feature Navigator is available 24 hours a day, 7 days a week.
To use Cisco Feature Navigator, you must have a JavaScript-enabled web browser such as Netscape 3.0 or later, or Internet Explorer 4.0 or later. Internet Explorer 4.0 always has JavaScript enabled. To enable JavaScript for Netscape 3.x or Netscape 4.x, follow the instructions provided with the web browser. For JavaScript support and enabling instructions for other browsers, check with the browser vendor.
Cisco Feature Navigator is updated when major Cisco IOS software releases and technology releases occur. You can access Feature Navigator at the following URL:
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feed-back, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Open Source License Acknowledgements
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
This product includes software written by Tim Hudson (tjh@cryptsoft.com).
License Issues
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact openssl-core@openssl.org.
OpenSSL License:
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
4.
5.
6.
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1.
2.
3.
"This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4.
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Use this document in conjunction with the documents listed in the "Additional References" section.
CCVP, the Cisco logo, and the Cisco Square Bridge logo are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn is a service mark of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, Follow Me Browsing, FormShare, GigaDrive, HomeLink, Internet Quotient, IOS, iPhone, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, iQuick Study, LightStream, Linksys, MeetingPlace, MGX, Networking Academy, Network Registrar, Packet, PIX, ProConnect, ScriptShare, SMARTnet, StackWise, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0705R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2007, Cisco Systems, Inc. All rights reserved
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)