Vous êtes ici: index » cert » avis

Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés

Date : Wed, 09 Sep 2009 09:50:27 +0200
Type : VULN
Sujet : CERT-Renater : 2009/VULN350 (Cisco: TCP State Manipulation Denial of Service Vulnerabilities in Multiple Cisco Products)
====================================================================                                   CERT-Renater

                        Note d'Information No. 2009/VULN350
_____________________________________________________________________

DATE                      : 08/09/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Cisco IOS, Cisco IOS-XE, Cisco CatOS,
                             Cisco ASA software, Cisco PIX software,
                             Cisco NX-OS, Scientific Atlanta Products,
                             Linksys Products.

======================================================================
http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml
______________________________________________________________________

Cisco Security Advisory: TCP State Manipulation Denial of Service
Vulnerabilities in Multiple Cisco Products

Advisory ID: cisco-sa-20090908-tcp24

Revision 1.0

For Public Release 2009 September 8 1700 UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Multiple Cisco products are affected by denial of service (DoS)
vulnerabilities that manipulate the state of Transmission Control
Protocol (TCP) connections. By manipulating the state of a TCP
connection, an attacker could force the TCP connection to remain in a
long-lived state, possibly indefinitely. If enough TCP connections
are forced into a long-lived or indefinite state, resources on a
system under attack may be consumed, preventing new TCP connections
from being accepted. In some cases, a system reboot may be necessary
to recover normal system operation. To exploit these vulnerabilities,
an attacker must be able to complete a TCP three-way handshake with a
vulnerable system.

In addition to these vulnerabilities, Cisco Nexus 5000 devices
contain a TCP DoS vulnerability that may result in a system crash.
This additional vulnerability was found as a result of testing the
TCP state manipulation vulnerabilities.

Cisco has released free software updates for download from the Cisco
website that address these vulnerabilities. Workarounds that mitigate
these vulnerabilities are available.

This advisory is posted at:

http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml

Affected Products
=================

Vulnerable Products
+------------------

The following Cisco products have a TCP implementation that is
affected by these vulnerabilities. Refer to the Software Versions and
Fixes section for information on fixed software.

Cisco IOS Software

To determine the Cisco IOS Software release that is running on a
Cisco product, administrators can log into the device and issue the
"show version" command to display the system banner. The system banner
confirms that the device is running Cisco IOS Software by displaying
text similar to "Cisco Internetwork Operating System Software" or
"Cisco IOS Software." The image name displays in parentheses,
followed by "Version" and the Cisco IOS Software release name. Other
Cisco devices do not have the "show version" command or may provide
different output.

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.3(26) with an installed image name of
C2500-IS-L:

    Router#show version
    Cisco Internetwork Operating System Software
    IOS (tm) 2500 Software (C2500-IS-L), Version 12.3(26), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by cisco Systems, Inc.
    Compiled Mon 17-Mar-08 14:39 by dchih
    

The following example identifies a Cisco product that is running
Cisco IOS Software Release 12.4(20)T with an installed image name of
C1841-ADVENTERPRISEK9-M:

    Router#show version
    Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 12.4(20)T, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 10-Jul-08 20:25 by prod_rel_team
    

Additional information about Cisco IOS Software release naming
conventions is available in "White Paper: Cisco IOS Reference Guide"
at the following link:

http://www.cisco.com/warp/public/620/1.html

Cisco IOS-XE Software

The version of Cisco IOS-XE Software that is running on a Cisco
product can be determined using the "show version" command from the
Command Line Interface (CLI).

Cisco CatOS Software

The version of Cisco CatOS Software that is running on a Cisco
product can be determined using the "show version" command from the
CLI.

Cisco Adaptive Security Appliance (ASA) and Cisco PIX

Cisco ASA and Cisco PIX security appliances running versions 7.0,
7.1, 7.2, 8.0, and 8.1 are affected when configured for any of the
following features:

  * SSL VPNs
  * ASDM Administrative Access
  * Telnet Access
  * SSH Access
  * Cisco Tunneling Control Protocol (cTCP) for Remote Access VPNs
  * Virtual Telnet
  * Virtual HTTP
  * Transport Layer Security (TLS) Proxy for Encrypted Voice
    Inspection
  * Cut-Through Proxy for Network Access

The version of software that is running on a Cisco ASA and Cisco PIX
security appliances can be determined using the "show version" command
from the CLI.

Cisco NX-OS Software

The version of Cisco NX-OS Software that is running on Cisco Nexus
5000 and 7000 series devices can be determined using the "show version"
command from the CLI.

Scientific Atlanta Products

Scientific Atlanta customers are instructed to contact Scientific
Atlanta's Technical Support for questions regarding the impact,
mitigation and remediation of the vulnerabilities discussed in this
document.

Contact information for Scientific Atlanta Technical Support can be
found at the following web site:

http://www.cisco.com/en/US/products/ps10459/serv_group_home.html

Linksys Products

Customers with Linksys products should contact the following email
address for questions regarding the impact, mitigation and
remediation of the vulnerabilities discussed in this document:

security@linksys.com

Products Confirmed Not Vulnerable
+--------------------------------

The following Cisco products are not affected:

  * Cisco IOS XR
  * Cisco IOS Software Modularity
  * Cisco ASA and Cisco PIX Software version 8.2
  * Cisco PIX Software version 6.x and earlier
  * Cisco Firewall Services Module (FWSM)
  * Cisco Multilayer Distribution Switches (MDS)
  * Cisco Application Control Engine (ACE) Modules and Appliances
  * Cisco ACE XML Gateway
  * Cisco Access Control Server (ACS) Solution Engine
  * Cisco Guard
  * Cisco Security Monitoring, Analysis, and Response System (CS-MARS)
  * Cisco ONS 15000
  * Cisco Content Services Switches (CSS)
  * Cisco Wide Area Application Services (WAAS)
  * Cisco Wireless LAN Controller (WLC)
  * IronPort C, M, S and X Series Appliances

Cisco PSIRT tested Cisco products that are based on Linux and
Microsoft Windows operating systems and found that although TCP
connections in a FINWAIT1 state may temporarily consume system
resources the operating systems eventually clear the TCP connections.
If enough system resources are consumed, a sustained DoS condition
may be possible. This outcome is highly dependent on the
configuration and usage of a system. For more information about how
these vulnerabilities affect Microsoft Windows operating systems,
please consult the following Microsoft website at the following link:

http://go.microsoft.com/fwlink/?LinkId5978

No other Cisco products are currently known to be affected by these
vulnerabilities.

Details
=======

Multiple Cisco products are affected by DoS vulnerabilities in the
TCP protocol. By manipulating the state of TCP connections, an
attacker could force a system that is under attack to maintain TCP
connections for long periods of time, or indefinitely in some cases.
With a sufficient number of open TCP connections, the attacker may be
able to cause a system to consume internal buffer and memory
resources, resulting in new TCP connections being denied access to a
targeted port or an entire system. A system reboot may be required to
restore full system functionality. A full TCP three-way handshake is
required to exploit these vulnerabilities.

Network devices are not directly impacted by TCP state manipulation
DoS attacks transiting a device; however, network devices that
maintain the state of TCP connections may be impacted. If the
attacker can establish enough TCP connections through a transit
device that maintains TCP state, device resources may be exhausted
and prevent the device from processing new TCP connections, resulting
in a DoS condition. If an affected device that forwards traffic (that
is, routes) in a network is the target of a TCP state manipulation
attack, the attacker could cause a network-impacting DoS condition.

Cisco IOS Software

All Cisco IOS Software versions are affected by this vulnerability. A
device running Cisco IOS Software that is under attack will have
numerous hung TCP connections in the FINWAIT1 state. The "show tcp
brief" command can be used to display the hung TCP connections. The
following is example output showing an attack in progress.

    Router#show tcp brief | include FIN
    63D697C4  192.168.1.10.80            192.168.1.20.38479         FINWAIT1
    63032A28  192.168.1.10.80            192.168.1.20.54154         FINWAIT1
    645F8068  192.168.1.10.80            192.168.1.20.56287         FINWAIT1
    630323F4  192.168.1.10.80            192.168.1.20.6372          FINWAIT1
    63D69190  192.168.1.10.80            192.168.1.20.23489         FINWAIT1

The vulnerabilities for Cisco IOS Software are documented in Cisco
Bug ID CSCsv04836.

Cisco IOS-XE Software

All Cisco IOS-XE Software versions are affected by this
vulnerability. A device running Cisco IOS-XE Software that is under
attack will have numerous hung TCP connections in the FINWAIT1 state.
The "show tcp brief" command can be used to display the hung TCP
connections. The following is example output showing an attack in
progress.

    Router#show tcp brief | include FIN
    63D697C4  192.168.1.10.80            192.168.1.20.38479         FINWAIT1
    63032A28  192.168.1.10.80            192.168.1.20.54154         FINWAIT1
    645F8068  192.168.1.10.80            192.168.1.20.56287         FINWAIT1
    630323F4  192.168.1.10.80            192.168.1.20.6372          FINWAIT1
    63D69190  192.168.1.10.80            192.168.1.20.23489         FINWAIT1

The vulnerabilities for Cisco IOS-XE Software are documented in Cisco
Bug ID CSCsv07712.

Cisco CatOS Software

All Cisco CatOS Software versions are affected by these
vulnerabilities. A device running Cisco CatOS Software that is under
attack will have numerous hung TCP connections in the FIN_WAIT_1
state. The "show netstat" command can be used to display the hung TCP
connections. The following is example output showing an attack in
progress.

    Console> (enable) show netstat
    Active Internet connections (including servers)
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp        0     83  192.168.1.10.23        192.168.1.20.46056       FIN_WAIT_1
    tcp        0     83  192.168.1.10.23        192.168.1.20.16305       FIN_WAIT_1
    tcp        0     83  192.168.1.10.23        192.168.1.20.14628       FIN_WAIT_1
    tcp        0     83  192.168.1.10.23        192.168.1.20.7275        FIN_WAIT_1
    tcp        0     83  192.168.1.10.23        192.168.1.20.39559       FIN_WAIT_1

The vulnerabilities for Cisco CatOS Software are documented in Cisco
Bug ID CSCsv66169.

Cisco ASA and Cisco PIX Software

All Cisco ASA and Cisco PIX Software versions are affected by these
vulnerabilities. A device running Cisco ASA and Cisco PIX Software
that is under attack will have numerous TCP connections in the
established state. The "show asp table socket" command can be used to
display the TCP connections. The following is example output showing
a potential attack in progress.

    FIREWALL# show asp table socket | grep ESTAB
    TCP       123a8a6c  192.168.1.10:80           192.168.1.20:46181    ESTAB
    TCP       123e6d54  192.168.1.10:80           192.168.1.20:29546    ESTAB
    TCP       1244f78c  192.168.1.10:80           192.168.1.20:40271    ESTAB
    TCP       124f8d2c  192.168.1.10:80           192.168.1.20:46599    ESTAB
    TCP       12507f2c  192.168.1.10:80           192.168.1.20:5607     ESTAB

It is possible for normal traffic to cause established TCP
connections to appear on Cisco ASA or PIX devices, especially VPN
connections terminated to the device. In order to confirm if
established TCP connections are part of an attack, administrators
should use a monitoring point outside the firewall such as a packet
sniffer or Netflow collection agent to examine the profile of the
suspicious TCP connections and determine if an attack is occurring.

Note: The show asp table socket command was introduced in Cisco ASA
and Cisco PIX Software 8.0(1).

Further detail about hung TCP connections can be found with "show conn
detail all long" command. The IP address used to qualify the example
below is the address of the firewall interface under attack.

    FIREWALL# show conn detail all long | grep 192.168.1.10
    TCP outside:192.168.1.20/62345 (192.168.1.20/62345) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0
    TCP outside:192.168.1.20/56268 (192.168.1.20/56268) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0
    TCP outside:192.168.1.20/63445 (192.168.1.20/63445) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0
    TCP outside:192.168.1.20/49151 (192.168.1.20/49151) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0
    TCP outside:192.168.1.20/57147 (192.168.1.20/57147) NP Identity Ifc:192.168.1.10/80 (192.168.1.10/80), flags UB, idle 0s, uptime 0s, timeout 1m0s, bytes 0

Note: Both troubleshooting commands referenced about will display TCP
connections that are terminated to a firewall interface and
transiting through the firewall.

The vulnerabilities for Cisco ASA and Cisco PIX Software are
documented in Cisco Bug ID CSCsv02768.

Cisco NX-OS Software

All Cisco Nexus 5000 and 7000 platforms running Cisco NX-OS Software
are affected by these vulnerabilities. A Nexus 5005 or 7000 device
running Cisco NX-OS Software that is under attack will have numerous
hung TCP connections in the FIN_WAIT_1 state. The "show tcp connection
detail" command can be used to display the hung TCP connections. The
following is example output showing an attack in progress.

    NEXUS# show tcp connection detail | include FIN

      State: FIN_WAIT_1
      State: FIN_WAIT_1
      State: FIN_WAIT_1
      State: FIN_WAIT_1
      State: FIN_WAIT_1

The hung TCP connection vulnerabilities for Nexus 5000 and Nexus 7000
devices are documented in Cisco Bug ID CSCsv08325 and Cisco Bug ID CSCsv08579
respectively.

While investigating the TCP state manipulation vulnerabilities, it
was discovered that Cisco NX-OS on Nexus 5000 platforms may be
vulnerable to a system crash when receiving a specific sequence of
TCP packets. This vulnerability is documented in Cisco Bug ID
CSCsv08059 and has been assigned CVE identifier CVE-2009-0627.

The TCP state manipulation vulnerabilities have been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2008-4609.

Vulnerability Scoring Details
=============================

Cisco has provided scores for the vulnerabilities in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0.

CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response.

Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks.

Cisco has provided an FAQ to answer additional questions regarding
CVSS at:

http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html

Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:

http://intellishield.cisco.com/security/alertmanager/cvss

CSCsv04836 - Connections getting stuck at FINWAIT1 state

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv07712 - Connections getting stuck at FINWAIT1 state

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv66169 - TCP Connections get stuck in FINWAIT1 state

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv02768 - TCP connections getting stuck in FINWAIT1 state

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv08325 - TCP connections may get stuck in any state after ESTAB indefinitely

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv08579 - TCP connections get stuck in FINWAIT1 state indefinitely

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

CSCsv08059 - NEXUS 5000 crashes after certain TCP packets

CVSS Base Score - 7.8

Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - None
Integrity Impact        - None
Availability Impact     - Complete

CVSS Temporal Score - 6.4

Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed

Impact
======

Successful exploitation of the TCP state manipulation vulnerabilities
may result in a DoS condition where new TCP connections are not
accepted on an affected system. Repeated exploitation may result in a
sustained DoS condition. A reboot may be required to recover affected
systems.

In addition, Cisco Nexus 5000 systems may crash upon receiving a
specific sequence of TCP packets.

Software Versions and Fixes
===========================

When considering software upgrades, also consult:

http://www.cisco.com/go/psirt

and any subsequent advisories to determine exposure and a
complete upgrade solution.

In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance.

Cisco IOS Software

Each row of the Cisco IOS software table (below) names a Cisco IOS
release train. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. The "Recommended
Release" column indicates the releases which have fixes for all the
published vulnerabilities at the time of this Advisory. A device
running a release in the given train that is earlier than the release
in a specific column (less than the First Fixed Release) is known to
be vulnerable. Cisco recommends upgrading to a release equal to or
later than the release in the "Recommended Releases" column of the
table.

+-----------------------------------------+
|   Major    |  Availability of Repaired  |
|  Release   |          Releases          |
|------------+----------------------------|
|  Affected  | First Fixed  | Recommended |
| 12.0-Based |   Release    |   Release   |
|  Releases  |              |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0       | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0DA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.0DB     | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0DC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            | 12.0(33)S3   | 12.0(32)    |
| 12.0S      |              | S14;        |
|            | 12.0(32)S12  | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            | Vulnerable;  | 12.0(32)    |
| 12.0SC     | first fixed  | S14;        |
|            | in 12.0S     | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            | Vulnerable;  | 12.0(32)    |
| 12.0SL     | first fixed  | S14;        |
|            | in 12.0S     | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0SP     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            | Vulnerable;  | 12.0(32)    |
| 12.0ST     | first fixed  | S14;        |
|            | in 12.0S     | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            | Vulnerable;  | 12.0(32)    |
| 12.0SX     | first fixed  | S14;        |
|            | in 12.0S     | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            | 12.0(32)SY8  | 12.0(32)    |
|            |              | SY9a        |
|            | 12.0(32)SY9a |             |
| 12.0SY     |              | 12.0(32)    |
|            | 12.0(32)SY10 | SY10;       |
|            | ; Available  | Available   |
|            | on           | on          |
|            | 25-SEP-2009  | 25-SEP-2009 |
|------------+--------------+-------------|
|            |              | 12.0(33)S5  |
|            |              |             |
|            |              | 12.0(32)    |
| 12.0SZ     | 12.0(30)SZ10 | S14;        |
|            |              | Available   |
|            |              | on          |
|            |              | 25-SEP-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0T      | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.0W      | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.0WC     | first fixed  |             |
|            | in 12.4T     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0WT     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XD     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XE     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.0XF     | first fixed  |             |
|            | in 12.4      |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XG     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XH     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(25b)   |
| 12.0XI     | first fixed  |             |
|            | in 12.4      | 12.4(23b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XJ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XK     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XL     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XM     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XN     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XQ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.0XR     | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.0XS     | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XT     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.0XV     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|  Affected  | First Fixed  | Recommended |
| 12.1-Based |   Release    |   Release   |
|  Releases  |              |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1       | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1AA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1AX     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.1(22)    |
| 12.1AY     | first fixed  | EA13        |
|            | in 12.1EA    |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.1(22)    |
| 12.1AZ     | first fixed  | EA13        |
|            | in 12.1EA    |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1CX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1DA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1DB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1DC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1E      | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
| 12.1EA     | 12.1(22)EA13 | 12.1(22)    |
|            |              | EA13        |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1EB     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1EC     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1EO     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1EU     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1EV     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1EW     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1EX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
| 12.1EY     | 12.2(44)EY   | 12.2(46)EY  |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1EZ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1GA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1GB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1T      | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XD     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XE     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XF     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XG     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XH     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XI     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XJ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XL     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XM     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XP     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XQ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XR     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.1XS     | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XT     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XU     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XV     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XW     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XY     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1XZ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YA     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YD     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(15)T10 |
|            |              |             |
|            |              | 12.4(20)T4  |
|            | Vulnerable;  |             |
| 12.1YE     | first fixed  | 12.4(22)T3  |
|            | in 12.4T     |             |
|            |              | 12.4(24)T2; |
|            |              | Available   |
|            |              | on          |
|            |              | 23-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YF     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.1YH     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.1YI     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.1(22)    |
| 12.1YJ     | first fixed  | EA13        |
|            | in 12.1EA    |             |
|------------+--------------+-------------|
|  Affected  | First Fixed  | Recommended |
| 12.2-Based |   Release    |   Release   |
|  Releases  |              |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2       | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2B      | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2BC     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2BW     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2BX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2BY     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2BZ     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2CX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2CY     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.2(28)    |
|            | Vulnerable;  | SB14;       |
| 12.2CZ     | first fixed  | Available   |
|            | in 12.2SB    | on          |
|            |              | 20-OCT-2009 |
|------------+--------------+-------------|
|            |              | 12.4(25b)   |
| 12.2DA     | 12.2(12)DA14 |             |
|            |              | 12.4(23b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2DD     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2DX     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2EW     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2EWA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2EX     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Releases     |             |
|            | prior to     |             |
|            | 12.2(44)EY   | 12.2(50)SE3 |
|            | are          |             |
| 12.2EY     | vulnerable,  | 12.2(52)SE; |
|            | release 12.2 | Available   |
|            | (44)EY and   | on          |
|            | later are    | 13-OCT-2009 |
|            | not          |             |
|            | vulnerable   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2EZ     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2FX     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2FY     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2FZ     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2IRA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2IRB    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
| 12.2IRC    | 12.2(33)IRC  |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXA    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXB    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXC    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXD    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXE    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXF    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
| 12.2IXG    | migrate to   |             |
|            | any release  |             |
|            | in 12.2IXH   |             |
|------------+--------------+-------------|
| 12.2IXH    | 12.2(18)IXH  |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2JA     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2JK     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2MB     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            |              | 12.4(25b)   |
| 12.2MC     | 12.2(15)MC2m |             |
|            |              | 12.4(23b)   |
|------------+--------------+-------------|
|            |              | 12.2(28)    |
|            | Vulnerable;  | SB14;       |
| 12.2S      | first fixed  | Available   |
|            | in 12.2SB    | on          |
|            |              | 20-OCT-2009 |
|------------+--------------+-------------|
|            |              | 12.2(31)    |
|            | 12.2(28)SB13 | SB16        |
|            |              |             |
|            | 12.2(31)SB14 | 12.2(28)    |
| 12.2SB     |              | SB14;       |
|            | 12.2(33)SB1b | Available   |
|            |              | on          |
|            | 12.2(34)SB2  | 20-OCT-2009 |
|            |              |             |
|            |              | 12.2(33)SB7 |
|------------+--------------+-------------|
|            |              | 12.2(28)    |
|            | Vulnerable;  | SB14;       |
| 12.2SBC    | first fixed  | Available   |
|            | in 12.2SB    | on          |
|            |              | 20-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SCA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
| 12.2SCB    | 12.2(33)SCB1 | 12.2(33)    |
|            |              | SCB4        |
|------------+--------------+-------------|
|            | 12.2(44)SE5  | 12.2(50)SE3 |
|            |              |             |
| 12.2SE     | 12.2(46)SE2  | 12.2(52)SE; |
|            |              | Available   |
|            | 12.2(50)SE   | on          |
|            |              | 13-OCT-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEB    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEC    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SED    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEE    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEF    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SEG    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
| 12.2SG     | 12.2(50)SG   | 12.2(53)SG1 |
|------------+--------------+-------------|
|            |              | 12.2(31)    |
|            |              | SGA11;      |
| 12.2SGA    | 12.2(31)SGA9 | Available   |
|            |              | on          |
|            |              | 04-DEC-2009 |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2SL     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Releases     |             |
|            | prior to     |             |
|            | 12.2(29)SM5  |             |
|            | are          |             |
| 12.2SM     | vulnerable,  | 12.2(29)SM5 |
|            | release 12.2 |             |
|            | (29)SM5 and  |             |
|            | later are    |             |
|            | not          |             |
|            | vulnerable   |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SO     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
| 12.2SQ     | 12.2(44)SQ2  |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SRA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            |              | 12.2(33)    |
|            |              | SRD3        |
|            |              |             |
| 12.2SRB    | 12.2(33)     | 12.2(33)    |
|            | SRB5a        | SRC5;       |
|            |              | Available   |
|            |              | on          |
|            |              | 29-OCT-2009 |
|------------+--------------+-------------|
|            |              | 12.2(33)    |
|            |              | SRC5;       |
| 12.2SRC    | 12.2(33)SRC3 | Available   |
|            |              | on          |
|            |              | 29-OCT-2009 |
|------------+--------------+-------------|
| 12.2SRD    | 12.2(33)SRD1 | 12.2(33)    |
|            |              | SRD3        |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2STE    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  | 12.4(23b)   |
| 12.2SU     | first fixed  |             |
|            | in 12.4      | 12.4(25b)   |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SV     | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SVA    | instructions |             |
|            | in Obtaining |             |
|            | Fixed        |             |
|            | Software     |             |
|            | section of   |             |
|            | this         |             |
|            | advisory     |             |
|------------+--------------+-------------|
|            | Vulnerable;  |             |
|            | Contact your |             |
|            | support      |             |
|            | organization |             |
|            | per the      |             |
| 12.2SVC    | instructions |