Cisco IOS is affected by the following vulnerabilities:
–
–
–
Cisco has made free software available to address these vulnerabilities for affected customers. There
are workarounds available to mitigate the effects of these vulnerabilities.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20070522-SSL.shtml.
Note
A combined software table for Cisco IOS is available to aid customers in choosing a software
releases that fixes all security vulnerabilities published as of May 22, 2007. This software table is
available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-cry-bundle.shtml.
CSCsb56438
•
An extra index no longer appears in the port table of the ciscoStpExtensions MIB.
CSCsb74648
•
When a Cisco device is configured for Network Admission Control and the EAP over UDP port
number changes from its default value and then changes back with the eou default switch
configuration command, the port change now takes effect.
CSCsb75245
•
When you configure a Cisco IP Phone to use Network Admission Control, the CDP packet is no
longer delayed, and the phone is no longer identified as an agentless host without an identity profile.
CSCsb97854
•
When a source port for a SPAN session has IEEE 802.1x enabled, Extensible Authentication
Protocol over LAN (EAPOL) packets are now visible to the packet sniffing tool.
CSCsc05371
•
When you configure a MAC address filter by entering the mac-address-table static vlan drop
global configuration command, IEEE 802.1X no longer authenticates supplicants using that address.
If a supplicant with that address is authenticated, its authorization is revoked.
CSCsc26726
•
The interfaces GigabitEthernet0/23 and 0/24 now link to another switch or host when the interface
speed is set to an explicit value or auto-MDIX is disabled.
CSCsc29225
•
When you remove the bridge topology change trap with the no snmp-server enable traps bridge
topologychange configuration command, the stpx root-inconsistency trap is now active.
CSCsc83583
•
When you enter the show interfaces transceiver properties privileged EXEC command for a Gigabit
Ethernet dual-media interface and the interface is set to media-type rj45, the output now shows the
correct attached SFP module. This only applies to GigabitEthernet0/17 to 0/20.
OL-8918-03
Processing ClientHello messages, documented as Cisco bug ID CSCsb12598
Processing ChangeCipherSpec messages, documented as Cisco bug ID CSCsb40304
Processing Finished messages, documented as Cisco bug ID CSCsd92405
Another related advisory has been posted with this advisory. This additional advisory also
describes a vulnerability related to cryptography that affects Cisco IOS. This related advisory is
available at the following link:
http://www.cisco.com/warp/public/707/cisco-sa-20070522-crypto.shtml.
Release Notes for the Cisco Catalyst Blade Switch 3020 for HP, Cisco IOS Release 12.2(35)SE and Later
Resolved Caveats
17
Imprimir página