Brian, Is the script internal to Cisco? I would love to do some internal testing in my lab on a few different versions before I send notifications to our clients that have the affected versions.
In other words can I please have the script? :) Mehtab Shinwari | CCNP RS/V Senior Support Engineer -------- Original message -------- From: Brian Meade <[email protected]> Date: To: Lelio Fulgenzi <[email protected]> Cc: cisco-voip voyp list <[email protected]> Subject: Re: [cisco-voip] openSSL and heartbleed Here's what I found testing against 9.1.2.10000.28 with a slightly modified python script: bmeade@ubuntu:~$ python vulnscript 10.3.11.250 Connecting... Sending Client Hello... Waiting for Server Hello... ... received message: type = 22, ver = 0301, length = 1012 Sending heartbeat request... Unexpected EOF receiving record header - server closed connection No heartbeat response received, server likely not vulnerable This is assuming the released script is checking for the vulnerability properly. Brian On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <[email protected]<mailto:[email protected]>> wrote: I haven't seen one. Currently trying to run the example python script against one of my clusters but having some trouble. On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <[email protected]<mailto:[email protected]>> wrote: weird. for some reason i fixated on the date beneath the entry in the search listing which had 2011, which made more sense. do you know if there is a more recent advisory? --- Lelio Fulgenzi, B.A. Senior Analyst, Network Infrastructure Computing and Communications Services (CCS) University of Guelph 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> [email protected]<mailto:[email protected]> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> Room 037, Animal Science and Nutrition Building Guelph, Ontario, N1G 2W1 ________________________________ From: "Brian Meade" <[email protected]<mailto:[email protected]>> To: "Lelio Fulgenzi" <[email protected]<mailto:[email protected]>> Cc: "cisco-voip voyp list" <[email protected]<mailto:[email protected]>> Sent: Tuesday, April 8, 2014 5:16:32 PM Subject: Re: [cisco-voip] openSSL and heartbleed I don't think that's the correct advisory. That's a DoS vulnerability from 2004. Brian On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <[email protected]<mailto:[email protected]>> wrote: nevermind... my first search did not produce results... http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html --- Lelio Fulgenzi, B.A. Senior Analyst, Network Infrastructure Computing and Communications Services (CCS) University of Guelph 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> [email protected]<mailto:[email protected]> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> Room 037, Animal Science and Nutrition Building Guelph, Ontario, N1G 2W1 ________________________________ From: "Lelio Fulgenzi" <[email protected]<mailto:[email protected]>> To: "cisco-voip voyp list" <[email protected]<mailto:[email protected]>> Sent: Tuesday, April 8, 2014 5:09:01 PM Subject: openSSL and heartbleed Does anyone know if/when Cisco will be coming out with a security advisory about Open SSL and heartbleed? http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 --- Lelio Fulgenzi, B.A. Senior Analyst, Network Infrastructure Computing and Communications Services (CCS) University of Guelph 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> [email protected]<mailto:[email protected]> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> Room 037, Animal Science and Nutrition Building Guelph, Ontario, N1G 2W1 _______________________________________________ cisco-voip mailing list [email protected]<mailto:[email protected]> https://puck.nether.net/mailman/listinfo/cisco-voip _______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
