[cisco-voip] openSSL and heartbleed

Lelio Fulgenzi lelio at uoguelph.ca
Tue Apr 8 19:33:38 EDT 2014


Thanks Brian. 

Can we assume that ELM and UCCx is also not affected? Same 9.x train. 



Sent from my iPhone

On 2014-04-08, at 7:21 PM, Brian Meade <bmeade90 at vt.edu> wrote:

> Here we can see CUCM does not respond to the Heartbeat Request with any data:
> <image.png>
> 
> For the root inclined, we can find what openssl version is running:
> [root at CUCM912 ~]# openssl version
> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> 
> This new heartbeat bug isn't valid as OpenSSL didn't even implement responding to the Heartbeat Requests until version 1.0.1.  This is why CUCM doesn't respond with any data.
> 
> I don't have a 10.x box to check with right now.
> 
> Brian
> 
> 
> On Tue, Apr 8, 2014 at 7:01 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>> Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script:
>> bmeade at ubuntu:~$ python vulnscript 10.3.11.250
>> Connecting...
>> Sending Client Hello...
>> Waiting for Server Hello...
>>  ... received message: type = 22, ver = 0301, length = 1012
>> Sending heartbeat request...
>> Unexpected EOF receiving record header - server closed connection
>> No heartbeat response received, server likely not vulnerable
>> 
>> This is assuming the released script is checking for the vulnerability properly.
>> 
>> Brian
>> 
>> 
>> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu> wrote:
>>> I haven't seen one.  Currently trying to run the example python script against one of my clusters but having some trouble.
>>> 
>>> 
>>> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>>> weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense.
>>>> 
>>>> do you know if there is a more recent advisory?
>>>> 
>>>> 
>>>> ---
>>>> Lelio Fulgenzi, B.A.
>>>> Senior Analyst, Network Infrastructure
>>>> Computing and Communications Services (CCS)
>>>> University of Guelph
>>>> 
>>>> 519‐824‐4120 Ext 56354
>>>> lelio at uoguelph.ca
>>>> www.uoguelph.ca/ccs
>>>> Room 037, Animal Science and Nutrition Building
>>>> Guelph, Ontario, N1G 2W1
>>>> 
>>>> From: "Brian Meade" <bmeade90 at vt.edu>
>>>> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>>>> Cc: "cisco-voip voyp list" <cisco-voip at puck.nether.net>
>>>> Sent: Tuesday, April 8, 2014 5:16:32 PM
>>>> Subject: Re: [cisco-voip] openSSL and heartbleed
>>>> 
>>>> 
>>>> I don't think that's the correct advisory.  That's a DoS vulnerability from 2004.
>>>> 
>>>> Brian
>>>> 
>>>> 
>>>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>>>> nevermind... my first search did not produce results...
>>>>> 
>>>>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html
>>>>> 
>>>>> 
>>>>> ---
>>>>> Lelio Fulgenzi, B.A.
>>>>> Senior Analyst, Network Infrastructure
>>>>> Computing and Communications Services (CCS)
>>>>> University of Guelph
>>>>> 
>>>>> 519‐824‐4120 Ext 56354
>>>>> lelio at uoguelph.ca
>>>>> www.uoguelph.ca/ccs
>>>>> Room 037, Animal Science and Nutrition Building
>>>>> Guelph, Ontario, N1G 2W1
>>>>> 
>>>>> From: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>>>>> To: "cisco-voip voyp list" <cisco-voip at puck.nether.net>
>>>>> Sent: Tuesday, April 8, 2014 5:09:01 PM
>>>>> Subject: openSSL and heartbleed
>>>>> 
>>>>> 
>>>>> 
>>>>> Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed?
>>>>> 
>>>>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309
>>>>> 
>>>>> 
>>>>> 
>>>>> ---
>>>>> Lelio Fulgenzi, B.A.
>>>>> Senior Analyst, Network Infrastructure
>>>>> Computing and Communications Services (CCS)
>>>>> University of Guelph
>>>>> 
>>>>> 519‐824‐4120 Ext 56354
>>>>> lelio at uoguelph.ca
>>>>> www.uoguelph.ca/ccs
>>>>> Room 037, Animal Science and Nutrition Building
>>>>> Guelph, Ontario, N1G 2W1
>>>>> 
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140408/8c79e229/attachment.html>


More information about the cisco-voip mailing list