Cisco Gigabit Ethernet Switch Module for HP BladeSystem p-Class Release Notes, Cisco IOS Release 12.2(35)SE and later

459515-002
Resolved Caveats
CSCsb74648
When a Cisco device is configured for Network Admission Control and the EAP over UDP port
number changes from its default value and then changes back with the eou default switch
configuration command, the port change now takes effect.
CSCsc05371
When you configure a MAC address filter by entering the mac-address-table static vlan drop
global configuration command, IEEE 802.1X no longer authenticates supplicants using that address.
If a supplicant with that address is authenticated, its authorization is revoked.
CSCsc26726
The interfaces GigabitEthernet0/23 and 0/24 now link to another switch or host when the interface
speed is set to an explicit value or auto-MDIX is disabled.
CSCsc29225
When you remove the bridge topology change trap with the no snmp-server enable traps bridge
topologychange configuration command, the stpx root-inconsistency trap is now active.
CSCsd78044
When IGMP snooping is enabled and an EtherChannel member interface goes down, the switch now
forwards multicast traffic on the rest of the EtherChannel member interfaces.
CSCsc83583
When you enter the show interfaces transceiver properties privileged EXEC command for a Gigabit
Ethernet dual-media interface and the interface is set to media-type rj45, the output now shows the
correct attached SFP module. This only applies to GigabitEthernet0/17 to 0/20.
CSCsd85587
A vulnerability has been discovered in a third-party cryptographic library which is used by a number
of Cisco products. This vulnerability may be triggered when a malformed Abstract Syntax Notation
One (ASN.1) object is parsed. Due to the nature of the vulnerability it may be possible, in some
cases, to trigger this vulnerability without a valid certificate or valid application-layer credentials
(such as a valid username or password).
Successful repeated exploitation of any of these vulnerabilities may lead to a sustained
Denial-of-Service (DoS); however, the vulnerabilities are not known to compromise either the
confidentiality or integrity of the data or the device. These vulnerabilities are not believed to allow
an attacker to decrypt any previously encrypted information.
The vulnerable cryptographic library is used in the following Cisco products:
Cisco IOS, documented as Cisco bug ID CSCsd85587
Cisco IOS XR, documented as Cisco bug ID CSCsg41084
Cisco PIX and ASA Security Appliances, documented as Cisco bug ID CSCse91999
Cisco Unified CallManager, documented as Cisco bug ID CSCsg44348
Cisco Firewall Service Module (FWSM)
This vulnerability is also being tracked by CERT/CC as VU#754281.
Cisco has made free software available to address this vulnerability for affected customers. There
are no workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.