<div dir="ltr">Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script:<div><div><div>bmeade@ubuntu:~$ python vulnscript 10.3.11.250</div><div>Connecting...</div><div>Sending Client Hello...</div>
<div>Waiting for Server Hello...</div><div> ... received message: type = 22, ver = 0301, length = 1012</div><div>Sending heartbeat request...</div><div>Unexpected EOF receiving record header - server closed connection</div>
<div>No heartbeat response received, server likely not vulnerable</div></div></div><div><br></div><div>This is assuming the released script is checking for the vulnerability properly.</div><div><br></div><div>Brian</div></div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <span dir="ltr"><<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I haven't seen one. Currently trying to run the example python script against one of my clusters but having some trouble.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif">weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense.<br>
<br>do you know if there is a more recent advisory?<div><br><br><div><span name="x"></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br>
<br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" value="+15198244120" target="_blank">519‐824‐4120 Ext 56354</a><br><a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span name="x"></span><br></div><br><hr></div><div style="font-size:12pt;font-style:normal;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal">
<b>From: </b>"Brian Meade" <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>><br><b>To: </b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>Cc: </b>"cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Sent: </b>Tuesday, April 8, 2014 5:16:32 PM<br><b>Subject: </b>Re: [cisco-voip] openSSL and heartbleed<div>
<div><br><br><div dir="ltr">I don't think that's the correct advisory. That's a DoS vulnerability from 2004.<div><br></div><div>Brian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif">nevermind... my first search did not produce results...<br>
<br><a href="http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html</a><div><br><br><div><span></span>---<br>
Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br><br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" target="_blank">519‐824‐4120 Ext 56354</a><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span></span><br>
</div><br></div><hr><div style="font-size:12pt;font-style:normal;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal"><b>From: </b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>To: </b>"cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Sent: </b>Tuesday, April 8, 2014 5:09:01 PM<br><b>Subject: </b>openSSL and heartbleed<div>
<div><br><br><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif"><br>Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed?<br><br><a href="http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309" target="_blank">http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309</a><br>
<br><br><br><div><span></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br><br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" target="_blank">519‐824‐4120 Ext 56354</a><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span></span><br>
</div><br></div></div></div></div><br></div></div><br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>
</div></div></div><br></div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>