
Cisco RF Gateway 10 Release Notes page 52

Release notes in IOS release 12.2SQ

Caveats
Resolved Caveats for Release 12.2(44)SQ1
Caveat: CSCsk64158
Symptoms: Several features within Cisco IOS software are affected by a crafted UDP packet vulnerability. If any of the affected features are enabled, a successful attack will result in a blocked input queue on the inbound interface. Only crafted UDP packets destined for the device could result in the interface being blocked; transit traffic will not block the interface.
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available in the workarounds section of the advisory. This advisory is posted at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090325-udp.

Caveat: CSCso04657
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with "connection queue limit reached" will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.

Caveat: CSCsv04836
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20090908-tcp24.

Caveat: CSCsw23043
Symptoms: Resetting one line card causes a momentary glitch on another line card.
Conditions: This issue occurs only when the hw-module slot reset command is issued.
Workaround: Use the cable linecard reset command to reset a line card.

Release Notes for Cisco RF Gateway 10 in Cisco IOS Release 12.2SQ
OL-18677-10
