It is indeed a modified version I made of that script. I had some issues with the way the while loop was implemented in the main function resulting in the server hello not being read correctly. To resolve, I found that all my server hello's were completed in one packet so I just removed the while loop.
Brian On Tue, Apr 8, 2014 at 11:07 PM, Joshua Morgan <[email protected]>wrote: > It's likely this script or a modified version thereof: > https://gist.github.com/takeshixx/10107280 > > Josh > > > On Wed, Apr 9, 2014 at 1:02 PM, Mehtab Shinwari <[email protected]>wrote: > >> Brian, >> >> Is the script internal to Cisco? I would love to do some internal testing >> in my lab on a few different versions before I send notifications to our >> clients that have the affected versions. >> >> In other words can I please have the script? :) >> >> >> Mehtab Shinwari | CCNP RS/V >> Senior Support Engineer >> >> >> >> -------- Original message -------- >> From: Brian Meade <[email protected]> >> Date: >> To: Lelio Fulgenzi <[email protected]> >> Cc: cisco-voip voyp list <[email protected]> >> Subject: Re: [cisco-voip] openSSL and heartbleed >> >> >> Here's what I found testing against 9.1.2.10000.28 with a slightly >> modified python script: >> bmeade@ubuntu:~$ python vulnscript 10.3.11.250 >> Connecting... >> Sending Client Hello... >> Waiting for Server Hello... >> ... received message: type = 22, ver = 0301, length = 1012 >> Sending heartbeat request... >> Unexpected EOF receiving record header - server closed connection >> No heartbeat response received, server likely not vulnerable >> >> This is assuming the released script is checking for the vulnerability >> properly. >> >> Brian >> >> >> On Tue, Apr 8, 2014 at 5:51 PM, Brian Meade <[email protected]<mailto: >> [email protected]>> wrote: >> I haven't seen one. Currently trying to run the example python script >> against one of my clusters but having some trouble. >> >> >> On Tue, Apr 8, 2014 at 5:24 PM, Lelio Fulgenzi <[email protected]<mailto: >> [email protected]>> wrote: >> weird. for some reason i fixated on the date beneath the entry in the >> search listing which had 2011, which made more sense. >> >> do you know if there is a more recent advisory? >> >> >> --- >> Lelio Fulgenzi, B.A. >> Senior Analyst, Network Infrastructure >> Computing and Communications Services (CCS) >> University of Guelph >> >> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> >> [email protected]<mailto:[email protected]> >> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> >> Room 037, Animal Science and Nutrition Building >> Guelph, Ontario, N1G 2W1 >> >> ________________________________ >> From: "Brian Meade" <[email protected]<mailto:[email protected]>> >> To: "Lelio Fulgenzi" <[email protected]<mailto:[email protected]>> >> Cc: "cisco-voip voyp list" <[email protected]<mailto: >> [email protected]>> >> Sent: Tuesday, April 8, 2014 5:16:32 PM >> Subject: Re: [cisco-voip] openSSL and heartbleed >> >> >> I don't think that's the correct advisory. That's a DoS vulnerability >> from 2004. >> >> Brian >> >> >> On Tue, Apr 8, 2014 at 5:11 PM, Lelio Fulgenzi <[email protected]<mailto: >> [email protected]>> wrote: >> nevermind... my first search did not produce results... >> >> >> http://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20040317-openssl.html >> >> >> --- >> Lelio Fulgenzi, B.A. >> Senior Analyst, Network Infrastructure >> Computing and Communications Services (CCS) >> University of Guelph >> >> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> >> [email protected]<mailto:[email protected]> >> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> >> Room 037, Animal Science and Nutrition Building >> Guelph, Ontario, N1G 2W1 >> >> ________________________________ >> From: "Lelio Fulgenzi" <[email protected]<mailto:[email protected]>> >> To: "cisco-voip voyp list" <[email protected]<mailto: >> [email protected]>> >> Sent: Tuesday, April 8, 2014 5:09:01 PM >> Subject: openSSL and heartbleed >> >> >> >> Does anyone know if/when Cisco will be coming out with a security >> advisory about Open SSL and heartbleed? >> >> http://threatpost.com/seriousness-of-openssl-heartbleed-bug-sets-in/105309 >> >> >> >> --- >> Lelio Fulgenzi, B.A. >> Senior Analyst, Network Infrastructure >> Computing and Communications Services (CCS) >> University of Guelph >> >> 519‐824‐4120 Ext 56354<tel:519%E2%80%90824%E2%80%904120%20Ext%2056354> >> [email protected]<mailto:[email protected]> >> www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> >> Room 037, Animal Science and Nutrition Building >> Guelph, Ontario, N1G 2W1 >> >> >> >> _______________________________________________ >> cisco-voip mailing list >> [email protected]<mailto:[email protected]> >> https://puck.nether.net/mailman/listinfo/cisco-voip >> >> >> >> >> >> >> _______________________________________________ >> cisco-voip mailing list >> [email protected] >> https://puck.nether.net/mailman/listinfo/cisco-voip >> > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
