[cisco-voip] openSSL and heartbleed

Eric Pedersen PedersenE at bennettjones.com
Wed Apr 9 10:47:06 EDT 2014 

VCS 8.1 and WebEx Meetings Server 2.0 appear vulnerable. This includes SIP/TLS on VCS.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Brian Meade
Sent: 09 April 2014 7:56 AM
To: Joshua Morgan
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] openSSL and heartbleed

It is indeed a modified version I made of that script.  I had some issues with the way the while loop was implemented in the main function resulting in the server hello not being read correctly.  To resolve, I found that all my server hello's were completed in one packet so I just removed the while loop.

Brian

On Tue, Apr 8, 2014 at 11:07 PM, Joshua Morgan <joshua.morgan at gmail.com<mailto:joshua.morgan at gmail.com>> wrote:
It's likely this script or a modified version thereof: https://gist.github.com/takeshixx/10107280

Josh

On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <mshinwari at fidelus.com<mailto:mshinwari at fidelus.com>> wrote:
Brian,

Is the script internal to Cisco? I would love to do some internal testing in my lab on a few different versions before I send notifications to our clients that have the affected versions.

In other words can I please have the script? :)


Mehtab Shinwari | CCNP RS/V
Senior Support Engineer



-------- Original message --------
From: Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>
Date:
To: Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: cisco-voip voyp list <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] openSSL and heartbleed

Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script:
bmeade at ubuntu:~$ python vulnscript 10.3.11.250
Connecting...
Sending Client Hello...
Waiting for Server Hello...
 ... received message: type = 22, ver = 0301, length = 1012
Sending heartbeat request...
Unexpected EOF receiving record header - server closed connection
No heartbeat response received, server likely not vulnerable

This is assuming the released script is checking for the vulnerability properly.

Brian

On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu><mailto:bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>> wrote:
I haven't seen one.  Currently trying to run the example python script against one of my clusters but having some trouble.

On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>> wrote:
weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense.

do you know if there is a more recent advisory?


---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Brian Meade" <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu><mailto:bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>>>
To: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>>
Cc: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>>
Sent: Tuesday, April 8, 2014 5:16:32 PM
Subject: Re: [cisco-voip] openSSL and heartbleed


I don't think that's the correct advisory.  That's a DoS vulnerability from 2004.

Brian

On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>> wrote:
nevermind... my first search did not produce results...

http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html


---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>>
To: "cisco-voip voyp list" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>>
Sent: Tuesday, April 8, 2014 5:09:01 PM
Subject: openSSL and heartbleed



Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed?

http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309



---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354>
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca><mailto:lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net><mailto:cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
https://puck.nether.net/mailman/listinfo/cisco-voip






_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



The contents of this message may contain confidential and/or privileged
subject matter. If this message has been received in error, please contact
the sender and delete all copies. Like other forms of communication,
e-mail communications may be vulnerable to interception by unauthorized
parties. If you do not wish us to communicate with you by e-mail, please
notify us at your earliest convenience. In the absence of such
notification, your consent is assumed. Should you choose to allow us to
communicate by e-mail, we will not take any additional security measures
(such as encryption) unless specifically requested.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140409/ebe2cd6f/attachment.html>

More information about the cisco-voip mailing list