This bug, documented as CSCdm36197, initially appears in 11.2(14)GS2,
the first release of Cisco IOS software to support access lists on the GSR.
The bug is present in versions of Cisco IOS software from 11.2(14)GS2
to 11.2(15)GS3, inclusive. The earliest repaired version is 11.2(15)GS5.
If you are running any vulnerable version of 11.2GS and wish to resolve
this problem with the least possible change to your existing version of
software, you should upgrade to 11.2(15)GS5 or later.
This bug is not present in any release of 12.0S,
so upgrading to 12.0S or later will also remove the vulnerability.