Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(25)SEE1 and later
17
Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(25)SEE1 and later
459516-002
Resolved Caveats
The United States Computer Emergency Response Team (US-CERT) has assigned Vulnerability
Note VU#878044 to these vulnerabilities.
Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-0960 has been assigned to
these vulnerabilities.
This advisory will be posted at
http://www.cisco.com/warp/public/707/cisco-sa-20080610-snmpv3.shtml
• CSCsh89429
The switch no longer reloads when the write core privileged EXEC command is entered when testing
a core dump configuration and FTP is selected as the file transfer protocol.
• CSCsj39211
The switch no longer incorrectly overwrites the class of service (CoS) packets of internally
generated Multicast Listener Discovery (MLD) queries and other control packets.
Resolved IOS Caveats in Cisco IOS Release 12.2(25)SEE2
These are the resolved IOS caveats in Cisco IOS Release 12.2(25)SEE1:
• CSCec71950
Cisco routers and switches running Cisco IOS or Cisco IOS XR software may be vulnerable to a
remotely exploitable crafted IP option Denial of Service (DoS) attack. Exploitation of the
vulnerability may potentially allow for arbitrary code execution. The vulnerability may be exploited
after processing an Internet Control Message Protocol (ICMP) packet, Protocol Independent
Multicast version 2 (PIMv2) packet, Pragmatic General Multicast (PGM) packet, or URL
Rendezvous Directory (URD) packet containing a specific crafted IP option in the packet's IP
header. No other IP protocols are affected by this issue.
Cisco has made free software available to address this vulnerability for affected customers.
There are workarounds available to mitigate the effects of the vulnerability.
This vulnerability was discovered during internal testing. This advisory is available at
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
• CSCef73145
The Mean Opinion Score (MOS) reported by an IP SLA jitter probe is now correct.
• CSCek26492
Symptoms: A router may crash if it receives a packet with a specific crafted IP option as detailed in
Cisco Security Advisory: Crafted IP Option Vulnerability:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
Conditions: This DDTS resolves a symptom of CSCec71950. Cisco IOS with this specific DDTS
are not at risk of crash if CSCec71950 has been resolved in the software.
Workaround: Cisco IOS versions with the fix for CSCec71950 are not at risk for this issue and no
workaround is required. If CSCec71950 is not resolved, see the following Cisco Security Advisory:
Crafted IP Option Vulnerability for workaround information:
http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml
• CSCsb81283
MAC notifications now work properly when port security is configured.