[cisco-voip] openSSL and heartbleed

Tue Apr 8 23:13:13 EDT 2014

Joshua,

Thanks for such a quick reply. I just opened it on my mobile phone and it looks promising.
Have to flex some python muscels will have to write an addition call so it will check a bunch of IP addresses at once and dump the results in a text file.

Thank you again.

Mehtab Shinwari | CCNP RS/V
Senior Support Engineer

-------- Original message --------
From: Joshua Morgan <joshua.morgan at gmail.com>
Date:
To: Mehtab Shinwari <mshinwari at fidelus.com>
Cc: bmeade90 at vt.edu,lelio at uoguelph.ca,cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] openSSL and heartbleed

It's likely this script or a modified version thereof: https://gist.github.com/takeshixx/10107280

Josh

On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <mshinwari at fidelus.com<mailto:mshinwari at fidelus.com>> wrote:
Brian,

Is the script internal to Cisco? I would love to do some internal testing in my lab on a few different versions before I send notifications to our clients that have the affected versions.

In other words can I please have the script? :)

Mehtab Shinwari | CCNP RS/V
Senior Support Engineer

-------- Original message --------
From: Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>
Date:
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] openSSL and heartbleed

Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script:
bmeade at ubuntu:~$ python vulnscript 10.3.11.250
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0301, length = 1012
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable

This is assuming the released script is checking for the vulnerability properly.

Brian

On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu><mailto:bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>> wrote:
I haven't seen one.  Currently trying to run the example python script against one of my clusters but having some trouble.

On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>> wrote:
weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense.

do you know if there is a more recent advisory?

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Brian Meade" <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu><mailto:bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>>
To: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>>
Cc: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>>
Sent: Tuesday, April 8, 2014 5:16:32 PM
Subject: Re: [cisco-voip] openSSL and heartbleed

I don't think that's the correct advisory.  That's a DoS vulnerability from 2004.

Brian

On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>> wrote:
nevermind... my first search did not produce results...

http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>>
To: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>>
Sent: Tuesday, April 8, 2014 5:09:01 PM
Subject: openSSL and heartbleed

Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed?

http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
https://puck.nether.net/mailman/listinfo/cisco-voip

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip