
Caveats for Cisco IOS Release 12.2(33)SRD through 12.2(33)SRD8
OL-10394-05 Rev. R0
Workaround: There is no workaround.
• CSCsv04836
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the
state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP
connection, an attacker could force the TCP connection to remain in a long-lived state, possibly
indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on
a system under attack may be consumed, preventing new TCP connections from being accepted. In
some cases, a system reboot may be necessary to recover normal system operation. To exploit these
vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable
system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that
may result in a system crash. This additional vulnerability was found as a result of testing the TCP
state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these
vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.
• CSCsv05934
Summary: Cisco’s VTP protocol implementation in some versions of Cisco IOS and CatOS may be
vulnerable to a DoS attack via a specially crafted VTP packet sent from the local network segment
when operating in either server or client VTP mode. When the device receives the specially crafted
VTP packet, the switch may crash (and reload/hang). The crafted packet must be received on a
switch interface configured to operate as a trunk port.
Workarounds: There are no workarounds available for this vulnerability.
This response is posted at http://www.cisco.com/warp/public/707/cisco-sr-20081105-vtp.shtml
• CSCsv06608
Symptoms: SXP is set up between two devices but fails to initialize.
Conditions: This symptom is observed when SXP is set up between two devices.
Workaround: There is no workaround.
• CSCsv08352
Symptoms: Some static routes are not in the IP routing table state after a stateful switchover (SSO).
Conditions: This only occurs following an SSO event.
Workaround: Perform a shut/no shut of the interface if the route does not come up automatically.
• CSCsv08528
Symptoms: After the Resilient Ethernet Protocol (REP) topology is returned by the rep preempt
command, the MAC address table is not cleared.
Conditions: During internal testing, this occurred approximately 3 times out of 20.
Workaround: Use the clear mac-address-table dynamic command to clear the table.
• CSCsv13243
Symptoms: Configuring Bidirectional Forwarding Detection (BFD) for a Border Gateway Protocol
(BGP) neighbor that is established on a subinterface will cause the BGP session to go down.
Conditions: Occurs on a Cisco 7600 router with a BGP session established on a subinterface when the
subinterface is configured in "native vlan" mode while the configured BFD session is in ECHO
Mode.