cc/td/doc/product/aggr/bbsm/bbsmhs10
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

Release Notes for Cisco BBSM Hotspot 1.0 Service Pack 1
Contents
Introduction
Installation
Special WEBpatch Note
Important IP Spoofing Note
Resolved Caveats
Obtaining Documentation
Documentation Feedback
Obtaining Technical Assistance
Obtaining Additional Publications and Information

Release Notes for Cisco BBSM Hotspot 1.0 Service Pack 1


January 2004

These release notes describe the Cisco Building Broadband Service Manager (BBSM) Hotspot 1.0 Service Pack 1 (SP1), which resolves caveats and problems in BBSM Hotspot 1.0. This service pack is cumulative and contains Microsoft security updates and all previously released patches. This service pack has no dependencies.


Note   The most current Cisco documentation for released products is available on Cisco Connection Online (CCO) at http://www.cisco.com . Online documents may contain updates and modifications made after the paper documents are printed.

Contents

Introduction

BBSM Hotspot 1.0 SP1 can be installed onto any BBSM Hotspot 1.0 server. This service pack consists of the latest fixes to date and includes these patches:

PatchMS03007.exe—Patch 5215

This patch installs Microsoft patches and corrects a Microsoft vulnerability on the BBSM Hotspot 1.0 server. A Windows component that is used by WebDAV contains a security vulnerability that exists because the component contains an unchecked buffer. This vulnerability can be exploited if an attacker sends a specially formed HTTP request to a computer running Microsoft Internet Information Services (IIS). This request can cause the server to fail or to run code of the attacker's choice, which would run in the security context of the IIS service.

For additional information, refer to Microsoft Security Bulletin MS03-007 at this website:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-007.asp

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsm52/relnote/pch5215a.pdf

BBSMHS-AP1100-VLAN.exe—Patch 5219

This patch adds support for a default VLAN on the Cisco Aironet 1100 Series Access Point using Cisco IOS Release 12.2. If you add VLANs to your access point in the future, you must reconfigure your BBSM Hotspot port settings afterwards. For additional information, refer to the "Reconfiguring BBSM Hotspot Port Settings" section at this Cisco website: http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/ptch5219.pdf.


Note   If you experience a problem disconnecting a client that is using the Cisco Aironet client adapter, upgrade the client adapter software to the latest available version on CCO.

For additional 1100 series access point information, refer to this website:

http://www.cisco.com/en/US/products/hw/wireless/ps4570/index.html

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/ptch5219.pdf

BBSMHS-AccessCodePatch.exe—Patch 5221

This patch adds support for the English (United Kingdom) regional settings for access code dates. Prior to the release of this patch, if the BBSM Hotspot 1.0 server regional settings were set to English (United Kingdom), the access code dates were transposed and not processed correctly. For example, if access codes were generated for use between 5/3 (May 3) and 5/4 (May 4), BBSM Hotspot reported that the access codes were valid between 3/5 (March 5) and 4/5 (April 5). This patch applies to all new access codes that are generated after the patch is installed, but it does not fix existing access codes that have incorrect dates.


Caution   After this patch is installed, you must regenerate any access codes that have incorrect dates.

Other non-English regional settings are not supported at this time. For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/ptch5221.pdf

Hotspot-UpdatedSSLPatch.exe—Patch 5229

This patch updates and replaces Patch 5225, modifies BBSM Hotspot to prevent unauthenticated web proxy browser clients from browsing to external SSL websites, and resolves the BBSM Hotspot reboot problem that occurs when a Macintosh iBook client connects to the BBSM Hotspot network. For additional information about the Macintosh iBook problem, refer to DDTS incident CSCeb65894.

Prior to the release of this patch, some browser configurations allowed end users to access an SSL web page (https) before they were authenticated. BBSM Hotspot did not redirect these clients to the start page, and they could access an SSL page without logging in. After this patch is applied, the Macintosh iBook reboot problem is resolved, and clients cannot access SSL pages unless they are authenticated.


Note   Clients that have an SSL page configured as the home page on their browser receive a browser error page when they first launch their browser. They must open a different http page to be redirected to the BBSM Hotspot Start page.

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/ptch5229.pdf

MDACSecurity.exe—Patch 5233

This patch eliminates a Microsoft Data Access Components (MDAC) security vulnerability on the BBSM Hotspot 1.0 server. MDAC is a collection of components that are used to provide database connectivity on Windows platforms. This security vulnerability exists because of an unchecked buffer in a specific MDAC component. Attackers could exploit this vulnerability and cause a buffer overrun to occur in a specific MDAC component, which would enable them to take any action on the system. This patch prevents an attacker from exploiting this vulnerability.

For additional information, refer to Microsoft Security Bulletin MS03-033 at this website:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-033.asp

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/pch5233b.pdf

HSAPsAndSwitches.exe—Patch 5235

This patch adds new access point and switch types to the BBSM Hotspot 1.0 server, resolves problems with Cisco Aironet 1100 or 1200 (IOS) access points, and replaces patch 5219.

This patch adds these Cisco Catalyst switch types to the Cisco Switch Type drop-down menu on the Network Devices - Switches web page in Hotspot Configuration:

This patch adds these access point types to the Cisco Access Point Type drop-down menu on the Network Devices - Access Points web page in Hotspot Configuration:

Clients that are connected and browsing the Internet using packet-type switches or access points are automatically disconnected if their idle time exceeds the number of seconds that is specified by the administrator in the Packet Inactivity Period field, which is located on the Network Devices - Switches web page or the Network Devices - Access Points web page in Hotspot Configuration.

For additional Cisco Aironet information, refer to this website:

http://www.cisco.com/en/US/products/hw/wireless/index.html


Caution   This patch changes the port index references on Cisco Aironet 1100 or 1200 (IOS) access points that are used by BBSM Hotspot. This prevents BBSM Hotspot from functioning properly with regard to previously generated port settings (port maps). If you already have the Cisco Aironet 1100 and 1200 (IOS) configured, or you add or delete VLANs on access points, you must reconfigure the BBSM port settings for these devices after you install this patch.

If you experience a problem disconnecting a client that is using the Cisco Aironet client adapter, upgrade the client adapter software to the latest available version on CCO.

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/ptch5235.pdf

RPCSSBufferOverrun.exe—Patch 5239

This patch replaces patch 5231 and eliminates Microsoft security vulnerabilities on the BBSM Hotspot 1.0 server. These vulnerabilities affect the Distributed Component Object Model (DCOM) interface, which handles DCOM object activation requests that are sent from one machine to another within the RPCSS Service.

These Microsoft vulnerabilities have been identified in the part of RPCSS Service that deals with Remote Procedure Call (RPC) messages for DCOM activation. These vulnerabilities result from incorrect handling of malformed messages and could allow arbitrary code execution and denial of service.

An attacker could exploit these vulnerabilities by creating a program that sends a malformed RPC message that targets the RPCSS Service on a vulnerable system. If successful, the attacker could run code with Local System privileges on the affected system or cause the RPCSS Service to fail. This would enable the attacker to remotely compromise a computer running Microsoft Windows and gain complete control over it.

For additional information, refer to this Microsoft website:

http://www.microsoft.com/technet/security/bulletin/MS03-039.asp

For additional information about this patch, refer to this Cisco website:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/bbsmhs10/relnotes/pch5239h.pdf

Installation

BBSM Hotspot service packs and patches can be installed locally onto any BBSM Hotspot server with Internet access, or they can be installed remotely onto multiple BBSM Hotspot servers from another computer.


Caution   We recommend terminating all client sessions during BBSM Hotspot service pack and patch upgrades and installations. For additional information, refer to the Cisco BBSM Hotspot 1.0 User Guide.

Follow these steps to install this patch onto your BBSM Hotspot 1.0 server:


Step 1   Using the Internet Explorer (IE) web browser, go to the Cisco BBSM Hotspot 1.0 Software Download website:

http://www.cisco.com/pcgi-bin/tablebuild.pl/bbsmhs10

Step 2   Download BBSMHS10SP1.exe to a temporary location on your computer.


Note    If you are using the Windows 2000 (SP2 or later) or Windows XP operating systems to install this patch remotely, the Updates web pages load very slowly. To prevent this problem, uncheck the Client for Microsoft Networks check box in the NIC Properties window on your remote computer.

Step 3   In the IE browser field, enter http://<address>:9488/www where <address> is either the external NIC address of the BBSM Hotspot server (if you are accessing it externally) or the internal IP address of the BBSM Hotspot server (if you are accessing it from within the BBSM Hotspot subnet).

For example, enter http://10.10.1.2:9488/www and press Enter. The Enter Network Password window appears. (See Figure 1.)


Figure 1   Enter Network Password Window


Step 4   Enter your username and password. (Do not enter any information in the Domain field.)


Note    You must have administrator privileges to log on.

Step 5   Click OK. The remote BBSM Hotspot Dashboard appears.


Note    You must use the IE browser when using the Updates tool on the BBSM Hotspot 1.0 Dashboard because of some known problems and incompatibilities with Netscape Navigator.

Step 6   From the BBSM Hotspot Dashboard, use the Updates tool to install this patch.


Note    Refer to the Cisco BBSM Hotspot 1.0 User Guide for instructions on transferring and installing patches and service packs. This patch automatically reboots your BBSM Hotspot server.



Special WEBpatch Note

After you install BBSM Hotspot 1.0 SP1, a complete patch log is not generated for BBSM Hotspot 1.0 SP1 in the WEBpatch - Patch Log web page. The log has only one entry, CPatchUtil::InstallPatch started, which indicates that the service pack was successfully installed.

Important IP Spoofing Note

BBSM Hotspot 1.0 SP1 has a new feature that detects IP spoofing. When two clients try to use the same IP address, the second client is prevented from accessing the system.

When link status is used as the activity detection method and other devices, such as hubs, are attached to the port, BBSM considers end-user sessions to be active for as long as the device is connected. This occurs regardless of whether the end user is passing packets through the port or not. In this situation, a problem can occur because there is no method to synchronize the DHCP server and other BBSM components. When the DHCP lease, which is normally set to one hour, expires, BBSM thinks the session is still active because the link status is up.

When another client connects to a different port, the DHCP server assigns the expired IP address. BBSM still sees this IP address as active since the hub on the port keeps the link status up. For this reason, BBSM assumes the new client is trying to spoof an IP address, so their packets are dropped.

The workaround is to either remove the hub or other device from the port or to change the activity detection method, which is set through Hotspot Configuration. To do so, follow these steps:


Step 1   Launch the IE web browser link to the Cisco BBSM Hotspot Dashboard. (If you are not at the Hotspot server, you can access Hotspot Configuration remotely by running IE and typing the address http://<ext_NIC_IP_addr>:9488/www , where <ext_NIC_IP_addr> is the IP address of the external interface on the Hotspot server.)


Note    If you access the Hotspot server remotely, the Enter Network Password window appears. You must have administrator privileges to log on. Enter your username and password, but do not enter any information in the Domain field. Click OK to access the remote BBSM Hotspot Dashboard.

Step 2   From the Dashboard, click Hotspot Configuration. The Server Settings web page appears.

Step 3   In the NavBar, click the plus sign next to Network Devices.

Step 4   Click either Switches or Access Points.

From the Network Devices - Switches web page, click the Cisco Switch Type drop-down arrow, and change the selected switch type to the correct packet type.

From the Network Devices - Access Points web page, click the Cisco Access Point Type drop-down arrow, and change the selected access point type to the correct packet type.


Note    For example, if you are using the Aironet 1100 AP, choose Aironet 1100 Packet. Make sure the value in this field is greater than zero. A good starting point is 300 seconds (5 minutes).

Step 5   To save the new switch or access point type, click Save.

Step 6   Repeat for every switch or access point needing this modification.

Only Cisco switches and access points support Packet Inactivity switch types. If you are using other access points or switch types, they are considered legacy devices and are not supported by TAC.



Resolved Caveats

This section describes the caveats that have been resolved with BBSM Hotspot 1.0 SP1.

When you run the Switch Discovery Wizard, the SwitchDiscovery.exe - Entry Point Not Found - The procedure entry point IcmpCreateFile could not be located in the dynamic link library iphlpapi.dll. error message no longer appears.

When a client clicks the disconnect button while using the RadiusUband or RadiusUbandClear page set, the generated charge summary statement now shows the correct figures.

BBSM Hotspot networks now have enough IP addresses for the ranges required by the Hotspot Setup Wizard.

The atnat.sys is more restrictive and no longer has a hole that allows http GET requests to pass through the system.

When using Internet Explorer, Macintosh clients can now connect after they initially log on from the start page.

Users can no longer browse the https pages without being redirected to the BBSM connect screen

If VLAN 1 is configured as a default management VLAN on the Cisco Aironet 1100 series access point, clients can now connect, and a port map is generated.

When the regional settings of the BBSM server are set to anything except English (United States), the access codes calendar days are no longer transposed, and they are processed correctly.

When Atnat receives an invalid Address Resolution Protocol (ARP), it no longer reboots the BBSM server when it is not supposed to.

If the port hop delay is set for a longer period than a client's session timeout in a RADIUS prepaid case, the client's port hopping no longer stays in progress indefinitely.

When a Macintosh iBook client connects to the BBSM network through a Cisco Aironet 1200 series access point or through an Ethernet cable to a switch on the BBSM network, the BBSM server no longer reboots when it is not supposed to.

Atnat has been further modified with additional safeguards to prevent security holes that result from malformed GET requests.

When clients are not in the Found state and they access the Post ASP page, BBSM no longer posts a phantom entry in Port_State_Radius table, which allows clients to connect.

The sysObjectID for the Cisco Aironet 1230 access point has been added to the registry, and the Switch Discovery Wizard no longer discovers the Cisco Aironet 1230 access point as an unknown switch type.

Clients can now connect to BBSM after making configuration changes to Cisco Aironet 1100 and 1200 (IOS) series access points. These access points no longer stop working after configuration changes have been made.

Packet Inactivity Timer will now expire correctly.

Obtaining Documentation

Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.

Related Documentation

The following documents provide information about BBSM:

Cisco.com

You can access the most current Cisco documentation on the World Wide Web at this URL:

http://www.cisco.com/univercd/home/home.htm

You can access the Cisco website at this URL:

http://www.cisco.com

International Cisco websites can be accessed from this URL:

http://www.cisco.com/public/countries_languages.shtml

Ordering Documentation

You can find instructions for ordering documentation at this URL:

http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm

You can order Cisco documentation in these ways:

http://www.cisco.com/en/US/partner/ordering/index.shtml

Documentation Feedback

You can submit e-mail comments about technical documentation to bug-doc@cisco.com.

You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:

Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, the Cisco Technical Assistance Center (TAC) provides 24-hour-a-day, award-winning technical support services, online and over the phone. Cisco.com features the Cisco TAC website as an online starting point for technical assistance. If you do not hold a valid Cisco service contract, please contact your reseller.

Cisco TAC Website

The Cisco TAC website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The Cisco TAC website is available 24 hours a day, 365 days a year. The Cisco TAC website is located at this URL:

http://www.cisco.com/tac

Accessing all the tools on the Cisco TAC website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a login ID or password, register at this URL:

http://tools.cisco.com/RPF/register/register.do

Opening a TAC Case

Using the online TAC Case Open Tool is the fastest way to open P3 and P4 cases. (P3 and P4 cases are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Case Open Tool automatically recommends resources for an immediate solution. If your issue is not resolved using the recommended resources, your case will be assigned to a Cisco TAC engineer. The online TAC Case Open Tool is located at this URL:

http://www.cisco.com/tac/caseopen

For P1 or P2 cases (P1 and P2 cases are those in which your production network is down or severely degraded) or if you do not have Internet access, contact Cisco TAC by telephone. Cisco TAC engineers are assigned immediately to P1 and P2 cases to help keep your business operations running smoothly.

To open a case by telephone, use one of the following numbers:

Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447

For a complete listing of Cisco TAC contacts, go to this URL:

http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

TAC Case Priority Definitions

To ensure that all cases are reported in a standard format, Cisco has established case priority definitions.

Priority 1 (P1)—Your network is "down" or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.

Priority 2 (P2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.

Priority 3 (P3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.

Priority 4 (P4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

Obtaining Additional Publications and Information

Information about Cisco products, technologies, and network solutions is available from various online and printed sources.

http://www.cisco.com/go/marketplace/

http://cisco.com/univercd/cc/td/doc/pcat/

http://www.ciscopress.com

http://www.cisco.com/packet

http://www.cisco.com/go/iqmagazine

http://www.cisco.com/ipj

http://www.cisco.com/en/US/learning/index.html

This document is to be used in conjunction with the documents listed in the Related Documentation section.


Copyright © 2004 Cisco Systems, Inc. All rights reserved.

Printed in the USA on recycled paper containing 10% postconsumer waste.


hometocprevnextglossaryfeedbacksearchhelp
Posted: Wed Jan 14 10:13:30 PST 2004
All contents are Copyright © 1992--2004 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.