Cisco's advisory was just released: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
On Wed, Apr 9, 2014 at 1:13 PM, Mehtab Shinwari <[email protected]>wrote: > Joshua, > > Thanks for such a quick reply. I just opened it on my mobile phone and it > looks promising. > Have to flex some python muscels will have to write an addition call so it > will check a bunch of IP addresses at once and dump the results in a text > file. > > Thank you again. > > > Mehtab Shinwari | CCNP RS/V > Senior Support Engineer > > > > -------- Original message -------- > From: Joshua Morgan <[email protected]> > Date: > To: Mehtab Shinwari <[email protected]> > Cc: [email protected],[email protected],[email protected] > Subject: Re: [cisco-voip] openSSL and heartbleed > > > It's likely this script or a modified version thereof: > https://gist.github.com/takeshixx/10107280 > > Josh > > > On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <[email protected] > <mailto:[email protected]>> wrote: > Brian, > > Is the script internal to Cisco? I would love to do some internal testing > in my lab on a few different versions before I send notifications to our > clients that have the affected versions. > > In other words can I please have the script? :) > > > Mehtab Shinwari | CCNP RS/V > Senior Support Engineer > > > > -------- Original message -------- > From: Brian Meade <[email protected]<mailto:[email protected]>> > Date: > To: Lelio Fulgenzi <[email protected]<mailto:[email protected]>> > Cc: cisco-voip voyp list <[email protected]<mailto: > [email protected]>> > Subject: Re: [cisco-voip] openSSL and heartbleed > > > Here's what I found testing against 9.1.2.10000.28 with a slightly > modified python script: > bmeade@ubuntu:~$ python vulnscript 10.3.11.250 > Connecting... > Sending Client Hello... > Waiting for Server Hello... > ... received message: type = 22, ver = 0301, length = 1012 > Sending heartbeat request... > Unexpected EOF receiving record header - server closed connection > No heartbeat response received, server likely not vulnerable > > This is assuming the released script is checking for the vulnerability > properly. > > Brian > > > On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <[email protected]<mailto: > [email protected]><mailto:[email protected]<mailto:[email protected]>>> wrote: > I haven't seen one. Currently trying to run the example python script > against one of my clusters but having some trouble. > > > On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <[email protected]<mailto: > [email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: > weird. for some reason i fixated on the date beneath the entry in the > search listing which had 2011, which made more sense. > > do you know if there is a more recent advisory? > > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > <tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> > [email protected]<mailto:[email protected]><mailto:[email protected] > <mailto:[email protected]>> > www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs > > > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > ________________________________ > From: "Brian Meade" <[email protected]<mailto:[email protected]><mailto: > [email protected]<mailto:[email protected]>>> > To: "Lelio Fulgenzi" <[email protected]<mailto:[email protected]><mailto: > [email protected]<mailto:[email protected]>>> > Cc: "cisco-voip voyp list" <[email protected]<mailto: > [email protected]><mailto:[email protected]<mailto: > [email protected]>>> > Sent: Tuesday, April 8, 2014 5:16:32 PM > Subject: Re: [cisco-voip] openSSL and heartbleed > > > I don't think that's the correct advisory. That's a DoS vulnerability > from 2004. > > Brian > > > On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <[email protected]<mailto: > [email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: > nevermind... my first search did not produce results... > > > http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html > > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > <tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> > [email protected]<mailto:[email protected]><mailto:[email protected] > <mailto:[email protected]>> > www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs > > > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > ________________________________ > From: "Lelio Fulgenzi" <[email protected]<mailto:[email protected] > ><mailto:[email protected]<mailto:[email protected]>>> > To: "cisco-voip voyp list" <[email protected]<mailto: > [email protected]><mailto:[email protected]<mailto: > [email protected]>>> > Sent: Tuesday, April 8, 2014 5:09:01 PM > Subject: openSSL and heartbleed > > > > Does anyone know if/when Cisco will be coming out with a security advisory > about Open SSL and heartbleed? > > http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 > > > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > <tel:519%E2%80%90824%E2%80%904120%20Ext%2056354><tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> > [email protected]<mailto:[email protected]><mailto:[email protected] > <mailto:[email protected]>> > www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs><http://www.uoguelph.ca/ccs > > > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > > > _______________________________________________ > cisco-voip mailing list > [email protected]<mailto:[email protected]><mailto: > [email protected]<mailto:[email protected]>> > https://puck.nether.net/mailman/listinfo/cisco-voip > > > > > > > _______________________________________________ > cisco-voip mailing list > [email protected]<mailto:[email protected]> > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
