<div dir="ltr">It is indeed a modified version I made of that script. I had some issues with the way the while loop was implemented in the main function resulting in the server hello not being read correctly. To resolve, I found that all my server hello's were completed in one packet so I just removed the while loop.<div>
<br></div><div>Brian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 8, 2014 at 11:07 PM, Joshua Morgan <span dir="ltr"><<a href="mailto:joshua.morgan@gmail.com" target="_blank">joshua.morgan@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It's likely this script or a modified version thereof: <a href="https://gist.github.com/takeshixx/10107280" target="_blank">https://gist.github.com/takeshixx/10107280</a><div>
<br></div><div>Josh</div></div><div class="gmail_extra">
<br><br><div class="gmail_quote"><div><div class="h5">On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <span dir="ltr"><<a href="mailto:mshinwari@fidelus.com" target="_blank">mshinwari@fidelus.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
Brian,<br>
<br>
Is the script internal to Cisco? I would love to do some internal testing in my lab on a few different versions before I send notifications to our clients that have the affected versions.<br>
<br>
In other words can I please have the script? :)<br>
<br>
<br>
Mehtab Shinwari | CCNP RS/V<br>
Senior Support Engineer<br>
<div><br>
<br>
<br>
-------- Original message --------<br>
From: Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>><br>
Date:<br>
To: Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
Cc: cisco-voip voyp list <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
</div><div>Subject: Re: [cisco-voip] openSSL and heartbleed<br>
<br>
<br>
</div><div>Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script:<br>
bmeade@ubuntu:~$ python vulnscript 10.3.11.250<br>
Connecting...<br>
Sending Client Hello...<br>
Waiting for Server Hello...<br>
... received message: type = 22, ver = 0301, length = 1012<br>
Sending heartbeat request...<br>
Unexpected EOF receiving record header - server closed connection<br>
No heartbeat response received, server likely not vulnerable<br>
<br>
This is assuming the released script is checking for the vulnerability properly.<br>
<br>
Brian<br>
<br>
<br>
</div><div>On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a><mailto:<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>>> wrote:<br>
I haven't seen one. Currently trying to run the example python script against one of my clusters but having some trouble.<br>
<br>
<br>
</div><div>On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>> wrote:<br>
weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense.<br>
<br>
do you know if there is a more recent advisory?<br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
</div><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" value="+15198244120" target="_blank">519‐824‐4120 Ext 56354</a><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><<a href="http://www.uoguelph.ca/ccs" target="_blank">http://www.uoguelph.ca/ccs</a>><br>
<div>Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<br>
<br>
________________________________<br>
</div>From: "Brian Meade" <<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a><mailto:<a href="mailto:bmeade90@vt.edu" target="_blank">bmeade90@vt.edu</a>>><br>
To: "Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>><br>
Cc: "cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><mailto:<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>>><br>
<div>Sent: Tuesday, April 8, 2014 5:16:32 PM<br>
Subject: Re: [cisco-voip] openSSL and heartbleed<br>
<br>
<br>
I don't think that's the correct advisory. That's a DoS vulnerability from 2004.<br>
<br>
Brian<br>
<br>
<br>
</div><div>On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>> wrote:<br>
nevermind... my first search did not produce results...<br>
<br>
<a href="http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html" target="_blank">http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html</a><br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
</div><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" value="+15198244120" target="_blank">519‐824‐4120 Ext 56354</a><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><<a href="http://www.uoguelph.ca/ccs" target="_blank">http://www.uoguelph.ca/ccs</a>><br>
<div>Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<br>
<br>
________________________________<br>
</div>From: "Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>>><br>
To: "cisco-voip voyp list" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><mailto:<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>>><br>
<div>Sent: Tuesday, April 8, 2014 5:09:01 PM<br>
Subject: openSSL and heartbleed<br>
<br>
<br>
<br>
Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed?<br>
<br>
<a href="http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309" target="_blank">http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309</a><br>
<br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
</div><a href="tel:519%E2%80%90824%E2%80%904120%20Ext%2056354" value="+15198244120" target="_blank">519‐824‐4120 Ext 56354</a><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><<a href="http://www.uoguelph.ca/ccs" target="_blank">http://www.uoguelph.ca/ccs</a>><br>
<div>Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<br>
<br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
</div><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><mailto:<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</div></div><div><div><div><div class="h5"><br>
<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
</div></div><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</div></div></blockquote></div><br></div>
</blockquote></div><br></div>