[cisco-voip] openSSL and heartbleed

Brian Meade bmeade90 at vt.edu
Tue Apr 8 19:21:47 EDT 2014 

Here we can see CUCM does not respond to the Heartbeat Request with any
data:
[image: Inline image 2]

For the root inclined, we can find what openssl version is running:
[root at CUCM912 ~]# openssl version
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

This new heartbeat bug isn't valid as OpenSSL didn't even implement
responding to the Heartbeat Requests until version 1.0.1.  This is why CUCM
doesn't respond with any data.

I don't have a 10.x box to check with right now.

Brian


On Tue, Apr 8, 2014 at 7:01 PM, Brian Meade <bmeade90 at vt.edu> wrote:

> Here's what I found testing against 9.1.2.10000.28 with a slightly
> modified python script:
> bmeade at ubuntu:~$ python vulnscript 10.3.11.250
> Connecting...
> Sending Client Hello...
> Waiting for Server Hello...
>  ... received message: type = 22, ver = 0301, length = 1012
> Sending heartbeat request...
> Unexpected EOF receiving record header - server closed connection
> No heartbeat response received, server likely not vulnerable
>
> This is assuming the released script is checking for the vulnerability
> properly.
>
> Brian
>
>
> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>
>> I haven't seen one.  Currently trying to run the example python script
>> against one of my clusters but having some trouble.
>>
>>
>> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>
>>> weird. for some reason i fixated on the date beneath the entry in the
>>> search listing which had 2011, which made more sense.
>>>
>>> do you know if there is a more recent advisory?
>>>
>>>
>>> ---
>>> Lelio Fulgenzi, B.A.
>>> Senior Analyst, Network Infrastructure
>>> Computing and Communications Services (CCS)
>>> University of Guelph
>>>
>>> 519‐824‐4120 Ext 56354
>>> lelio at uoguelph.ca
>>> www.uoguelph.ca/ccs
>>> Room 037, Animal Science and Nutrition Building
>>> Guelph, Ontario, N1G 2W1
>>>
>>> ------------------------------
>>> *From: *"Brian Meade" <bmeade90 at vt.edu>
>>> *To: *"Lelio Fulgenzi" <lelio at uoguelph.ca>
>>> *Cc: *"cisco-voip voyp list" <cisco-voip at puck.nether.net>
>>> *Sent: *Tuesday, April 8, 2014 5:16:32 PM
>>> *Subject: *Re: [cisco-voip] openSSL and heartbleed
>>>
>>>
>>> I don't think that's the correct advisory.  That's a DoS vulnerability
>>> from 2004.
>>>
>>> Brian
>>>
>>>
>>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca>wrote:
>>>
>>>> nevermind... my first search did not produce results...
>>>>
>>>>
>>>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html
>>>>
>>>>
>>>> ---
>>>> Lelio Fulgenzi, B.A.
>>>> Senior Analyst, Network Infrastructure
>>>> Computing and Communications Services (CCS)
>>>> University of Guelph
>>>>
>>>> 519‐824‐4120 Ext 56354
>>>> lelio at uoguelph.ca
>>>> www.uoguelph.ca/ccs
>>>> Room 037, Animal Science and Nutrition Building
>>>> Guelph, Ontario, N1G 2W1
>>>>
>>>> ------------------------------
>>>> *From: *"Lelio Fulgenzi" <lelio at uoguelph.ca>
>>>> *To: *"cisco-voip voyp list" <cisco-voip at puck.nether.net>
>>>> *Sent: *Tuesday, April 8, 2014 5:09:01 PM
>>>> *Subject: *openSSL and heartbleed
>>>>
>>>>
>>>>
>>>> Does anyone know if/when Cisco will be coming out with a security
>>>> advisory about Open SSL and heartbleed?
>>>>
>>>>
>>>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309
>>>>
>>>>
>>>>
>>>> ---
>>>> Lelio Fulgenzi, B.A.
>>>> Senior Analyst, Network Infrastructure
>>>> Computing and Communications Services (CCS)
>>>> University of Guelph
>>>>
>>>> 519‐824‐4120 Ext 56354
>>>> lelio at uoguelph.ca
>>>> www.uoguelph.ca/ccs
>>>> Room 037, Animal Science and Nutrition Building
>>>> Guelph, Ontario, N1G 2W1
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140408/ebdf0e13/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 13838 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140408/ebdf0e13/attachment.png>

More information about the cisco-voip mailing list