<div dir="ltr">Here we can see CUCM does not respond to the Heartbeat Request with any data:<div><img src="cid:ii_14543a389496a590" alt="Inline image 2" width="754" height="44"><div>
<div><br></div></div></div><div>For the root inclined, we can find what openssl version is running:</div><div><div>[root@CUCM912 ~]# openssl version</div><div>OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008</div></div><div><br></div>
<div>This new heartbeat bug isn't valid as OpenSSL didn't even implement responding to the Heartbeat Requests until version 1.0.1. This is why CUCM doesn't respond with any data.</div><div><br></div><div>I don't have a 10.x box to check with right now.</div>
<div><br></div><div>Brian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 7:01 PM, Brian Meade <span dir="ltr"><<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Here's what I found testing against 9.1.2.10000.28 with a slightly modified Python script:<div><div>
<div>bmeade@ubuntu:~$ python vulnscript 10.3.11.250</div><div>Connecting...</div><div>Sending Client Hello...</div>
<div>Waiting for Server Hello...</div><div> ... received message: type = 22, ver = 0301, length = 1012</div><div>Sending heartbeat request...</div><div>Unexpected EOF receiving record header - server closed connection</div>
<div>No heartbeat response received, server likely not vulnerable</div></div></div><div><br></div><div>This is assuming the released script is checking for the vulnerability properly.</div><span class="HOEnZb"><font color="#888888"><div>
<br></div><div>Brian</div></font></span></div><div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <span dir="ltr"><<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I haven't seen one. Currently trying to run the example Python script against one of my clusters but having some trouble.</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif">Weird. For some reason I fixated on the date beneath the entry in the search listing which had 2011, which made more sense.<br>
<br>Do you know if there is a more recent advisory?<div><br><br><div><span name="x"></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br>
<br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" value="+15198244120" target="_blank">519‐824‐4120 Ext 56354</a><br><a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span name="x"></span><br></div><br><hr></div><div style="font-size:12pt;font-style:normal;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal">
<b>From: </b>"Brian Meade" <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>><br><b>To: </b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>Cc: </b>"cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Sent: </b>Tuesday, April 8, 2014 5:16:32 PM<br><b>Subject: </b>Re: [cisco-voip] openSSL and heartbleed<div>
<div><br><br><div dir="ltr">I don't think that's the correct advisory. That's a DoS vulnerability from 2004.<div><br></div><div>Brian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif">Never mind... my first search did not produce results...<br>
<br><a href="http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html</a><div><br><br><div><span></span>---<br>
Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br><br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" target="_blank">519‐824‐4120 Ext 56354</a><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span></span><br>
</div><br></div><hr><div style="font-size:12pt;font-style:normal;font-family:Helvetica,Arial,sans-serif;text-decoration:none;font-weight:normal"><b>From: </b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>To: </b>"cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br><b>Sent: </b>Tuesday, April 8, 2014 5:09:01 PM<br><b>Subject: </b>openSSL and heartbleed<div>
<div><br><br><div style="font-size:10pt;font-family:verdana,helvetica,sans-serif"><br>Does anyone know if/when Cisco will be coming out with a security advisory about OpenSSL and Heartbleed?<br><br><a href="http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309" target="_blank">http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309</a><br>
<br><br><br><div><span></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br><br><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" target="_blank">519‐824‐4120 Ext 56354</a><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br><a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span></span><br>
</div><br></div></div></div></div><br></div></div><br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>
</div></div></div><br></div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
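<div>The version reasoning in the top message (0.9.8e predates the heartbeat code that arrived in 1.0.1), as an added example that is not part of the original e-mails or of any script mentioned in them. The function names and all sample banners other than the 0.9.8e one quoted in the thread are constructed for illustration.</div>

```python
import re

# Matches the banner printed by `openssl version`, e.g. "OpenSSL 1.0.1e-fips 11 Feb 2013".
_VERSION_RE = re.compile(
    r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-(beta\d+))?", re.IGNORECASE)


def classify(banner):
    """Classify `openssl version` output with respect to Heartbleed.

    Returns one of:
      "no-heartbeat"   - older than 1.0.1; heartbeat handling is not present
      "affected-range" - upstream release shipped the bug (1.0.1 .. 1.0.1f,
                         1.0.2-beta1); confirm the package patch level, since
                         distro builds can backport the fix without changing
                         the letter, or be built with -DOPENSSL_NO_HEARTBEATS
      "fixed"          - 1.0.1g or any later release
      "unknown"        - banner could not be parsed
    """
    m = _VERSION_RE.search(banner)
    if not m:
        return "unknown"
    base = tuple(int(m.group(i)) for i in (1, 2, 3))
    letter = m.group(4).lower()
    beta = (m.group(5) or "").lower()
    if base < (1, 0, 1):
        return "no-heartbeat"
    if base == (1, 0, 1):
        # Plain 1.0.1 (empty letter) and a..f are affected; g onward is fixed.
        return "affected-range" if letter < "g" else "fixed"
    if base == (1, 0, 2) and beta == "beta1":
        return "affected-range"
    return "fixed"


def triage(banners):
    """Map each banner string to its classification."""
    return {b: classify(b) for b in banners}


# First banner is the one quoted in the thread; the rest are constructed samples.
SAMPLES = [
    "OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008",
    "OpenSSL 1.0.1e-fips 11 Feb 2013",
    "OpenSSL 1.0.1g 7 Apr 2014",
    "OpenSSL 1.0.2-beta1 24 Feb 2014",
]

if __name__ == "__main__":
    for banner, verdict in triage(SAMPLES).items():
        print(f"{verdict:15} {banner}")
```

<div>An "affected-range" result is a prompt to check the vendor package changelog, not a verdict; the banner alone cannot show a backported fix.</div>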