Thanks Brian. Can we assume that ELM and UCCx is also not affected? Same 9.x train.
Sent from my iPhone On 2014-04-08, at 7:21 PM, Brian Meade <[email protected]> wrote: > Here we can see CUCM does not respond to the Heartbeat Request with any data: > <image.png> > > For the root inclined, we can find what openssl version is running: > [root@CUCM912 ~]# openssl version > OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 > > This new heartbeat bug isn't valid as OpenSSL didn't even implement > responding to the Heartbeat Requests until version 1.0.1. This is why CUCM > doesn't respond with any data. > > I don't have a 10.x box to check with right now. > > Brian > > > On Tue, Apr 8, 2014 at 7:01 PM, Brian Meade <[email protected]> wrote: >> Here's what I found testing against 9.1.2.10000.28 with a slightly modified >> python script: >> bmeade@ubuntu:~$ python vulnscript 10.3.11.250 >> Connecting... >> Sending Client Hello... >> Waiting for Server Hello... >> ... received message: type = 22, ver = 0301, length = 1012 >> Sending heartbeat request... >> Unexpected EOF receiving record header - server closed connection >> No heartbeat response received, server likely not vulnerable >> >> This is assuming the released script is checking for the vulnerability >> properly. >> >> Brian >> >> >> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <[email protected]> wrote: >>> I haven't seen one. Currently trying to run the example python script >>> against one of my clusters but having some trouble. >>> >>> >>> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <[email protected]> wrote: >>>> weird. for some reason i fixated on the date beneath the entry in the >>>> search listing which had 2011, which made more sense. >>>> >>>> do you know if there is a more recent advisory? >>>> >>>> >>>> --- >>>> Lelio Fulgenzi, B.A. >>>> Senior Analyst, Network Infrastructure >>>> Computing and Communications Services (CCS) >>>> University of Guelph >>>> >>>> 519‐824‐4120 Ext 56354 >>>> [email protected] >>>> www.uoguelph.ca/ccs >>>> Room 037, Animal Science and Nutrition Building >>>> Guelph, Ontario, N1G 2W1 >>>> >>>> From: "Brian Meade" <[email protected]> >>>> To: "Lelio Fulgenzi" <[email protected]> >>>> Cc: "cisco-voip voyp list" <[email protected]> >>>> Sent: Tuesday, April 8, 2014 5:16:32 PM >>>> Subject: Re: [cisco-voip] openSSL and heartbleed >>>> >>>> >>>> I don't think that's the correct advisory. That's a DoS vulnerability >>>> from 2004. >>>> >>>> Brian >>>> >>>> >>>> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <[email protected]> wrote: >>>>> nevermind... my first search did not produce results... >>>>> >>>>> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html >>>>> >>>>> >>>>> --- >>>>> Lelio Fulgenzi, B.A. >>>>> Senior Analyst, Network Infrastructure >>>>> Computing and Communications Services (CCS) >>>>> University of Guelph >>>>> >>>>> 519‐824‐4120 Ext 56354 >>>>> [email protected] >>>>> www.uoguelph.ca/ccs >>>>> Room 037, Animal Science and Nutrition Building >>>>> Guelph, Ontario, N1G 2W1 >>>>> >>>>> From: "Lelio Fulgenzi" <[email protected]> >>>>> To: "cisco-voip voyp list" <[email protected]> >>>>> Sent: Tuesday, April 8, 2014 5:09:01 PM >>>>> Subject: openSSL and heartbleed >>>>> >>>>> >>>>> >>>>> Does anyone know if/when Cisco will be coming out with a security >>>>> advisory about Open SSL and heartbleed? >>>>> >>>>> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 >>>>> >>>>> >>>>> >>>>> --- >>>>> Lelio Fulgenzi, B.A. >>>>> Senior Analyst, Network Infrastructure >>>>> Computing and Communications Services (CCS) >>>>> University of Guelph >>>>> >>>>> 519‐824‐4120 Ext 56354 >>>>> [email protected] >>>>> www.uoguelph.ca/ccs >>>>> Room 037, Animal Science and Nutrition Building >>>>> Guelph, Ontario, N1G 2W1 >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> cisco-voip mailing list >>>>> [email protected] >>>>> https://puck.nether.net/mailman/listinfo/cisco-voip >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
