[cisco-voip] openSSL and heartbleed
Brian Meade
bmeade90 at vt.edu
Tue Apr 8 19:01:57 EDT 2014
Here's what I found testing against 9.1.2.10000.28 with a slightly modified
python script:
bmeade at ubuntu:~$ python vulnscript 10.3.11.250
Connecting...
Sending Client Hello...
Waiting for Server Hello...
... received message: type = 22, ver = 0301, length = 1012
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable
This is assuming the released script is checking for the vulnerability
properly.
Brian
On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu> wrote:
> I haven't seen one. Currently trying to run the example python script
> against one of my clusters but having some trouble.
>
>
> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>
>> weird. for some reason i fixated on the date beneath the entry in the
>> search listing which had 2011, which made more sense.
>>
>> do you know if there is a more recent advisory?
>>
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519‐824‐4120 Ext 56354
>> lelio at uoguelph.ca
>> www.uoguelph.ca/ccs
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>> ------------------------------
>> *From: *"Brian Meade" <bmeade90 at vt.edu>
>> *To: *"Lelio Fulgenzi" <lelio at uoguelph.ca>
>> *Cc: *"cisco-voip voyp list" <cisco-voip at puck.nether.net>
>> *Sent: *Tuesday, April 8, 2014 5:16:32 PM
>> *Subject: *Re: [cisco-voip] openSSL and heartbleed
>>
>>
>> I don't think that's the correct advisory. That's a DoS vulnerability
>> from 2004.
>>
>> Brian
>>
>>
>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>
>>> nevermind... my first search did not produce results...
>>>
>>>
>>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html
>>>
>>>
>>> ---
>>> Lelio Fulgenzi, B.A.
>>> Senior Analyst, Network Infrastructure
>>> Computing and Communications Services (CCS)
>>> University of Guelph
>>>
>>> 519‐824‐4120 Ext 56354
>>> lelio at uoguelph.ca
>>> www.uoguelph.ca/ccs
>>> Room 037, Animal Science and Nutrition Building
>>> Guelph, Ontario, N1G 2W1
>>>
>>> ------------------------------
>>> *From: *"Lelio Fulgenzi" <lelio at uoguelph.ca>
>>> *To: *"cisco-voip voyp list" <cisco-voip at puck.nether.net>
>>> *Sent: *Tuesday, April 8, 2014 5:09:01 PM
>>> *Subject: *openSSL and heartbleed
>>>
>>>
>>>
>>> Does anyone know if/when Cisco will be coming out with a security
>>> advisory about Open SSL and heartbleed?
>>>
>>>
>>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309
>>>
>>>
>>>
>>> ---
>>> Lelio Fulgenzi, B.A.
>>> Senior Analyst, Network Infrastructure
>>> Computing and Communications Services (CCS)
>>> University of Guelph
>>>
>>> 519‐824‐4120 Ext 56354
>>> lelio at uoguelph.ca
>>> www.uoguelph.ca/ccs
>>> Room 037, Animal Science and Nutrition Building
>>> Guelph, Ontario, N1G 2W1
>>>
>>>
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140408/7e4c7f30/attachment.html>
More information about the cisco-voip
mailing list