[cisco-voip] openSSL and heartbleed

Brian Meade bmeade90 at vt.edu
Wed Apr 9 09:56:20 EDT 2014


It is indeed a modified version I made of that script.  I had some issues
with the way the while loop was implemented in the main function resulting
in the server hello not being read correctly.  To resolve, I found that all
my server hello's were completed in one packet so I just removed the while
loop.

Brian


On Tue, Apr 8, 2014 at 11:07 PM, Joshua Morgan <joshua.morgan at gmail.com>wrote:

> It's likely this script or a modified version thereof:
> https://gist.github.com/takeshixx/10107280
>
> Josh
>
>
> On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <mshinwari at fidelus.com>wrote:
>
>> Brian,
>>
>> Is the script internal to Cisco? I would love to do some internal testing
>> in my lab on a few different versions before I send notifications to our
>> clients that have the affected versions.
>>
>> In other words can I please have the script? :)
>>
>>
>> Mehtab Shinwari | CCNP RS/V
>> Senior Support Engineer
>>
>>
>>
>> -------- Original message --------
>> From: Brian Meade <bmeade90 at vt.edu>
>> Date:
>> To: Lelio Fulgenzi <lelio at uoguelph.ca>
>> Cc: cisco-voip voyp list <cisco-voip at puck.nether.net>
>> Subject: Re: [cisco-voip] openSSL and heartbleed
>>
>>
>> Here's what I found testing against 9.1.2.10000.28 with a slightly
>> modified python script:
>> bmeade at ubuntu:~$ python vulnscript 10.3.11.250
>> Connecting...
>> Sending Client Hello...
>> Waiting for Server Hello...
>>  ... received message: type = 22, ver = 0301, length = 1012
>> Sending heartbeat request...
>> Unexpected EOF receiving record header - server closed connection
>> No heartbeat response received, server likely not vulnerable
>>
>> This is assuming the released script is checking for the vulnerability
>> properly.
>>
>> Brian
>>
>>
>> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu<mailto:
>> bmeade90 at vt.edu>> wrote:
>> I haven't seen one.  Currently trying to run the example python script
>> against one of my clusters but having some trouble.
>>
>>
>> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:
>> lelio at uoguelph.ca>> wrote:
>> weird. for some reason i fixated on the date beneath the entry in the
>> search listing which had 2011, which made more sense.
>>
>> do you know if there is a more recent advisory?
>>
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
>> lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
>> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>> ________________________________
>> From: "Brian Meade" <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>
>> To: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
>> Cc: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:
>> cisco-voip at puck.nether.net>>
>> Sent: Tuesday, April 8, 2014 5:16:32 PM
>> Subject: Re: [cisco-voip] openSSL and heartbleed
>>
>>
>> I don't think that's the correct advisory.  That's a DoS vulnerability
>> from 2004.
>>
>> Brian
>>
>>
>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:
>> lelio at uoguelph.ca>> wrote:
>> nevermind... my first search did not produce results...
>>
>>
>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html
>>
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
>> lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
>> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>> ________________________________
>> From: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
>> To: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:
>> cisco-voip at puck.nether.net>>
>> Sent: Tuesday, April 8, 2014 5:09:01 PM
>> Subject: openSSL and heartbleed
>>
>>
>>
>> Does anyone know if/when Cisco will be coming out with a security
>> advisory about Open SSL and heartbleed?
>>
>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309
>>
>>
>>
>> ---
>> Lelio Fulgenzi, B.A.
>> Senior Analyst, Network Infrastructure
>> Computing and Communications Services (CCS)
>> University of Guelph
>>
>> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
>> lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
>> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
>> Room 037, Animal Science and Nutrition Building
>> Guelph, Ontario, N1G 2W1
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140409/d4d228d7/attachment.html>


More information about the cisco-voip mailing list