On 2014-04-08, Leon Fauster leonfauster@googlemail.com wrote:
Looking inside, it seems that this issue (CVE-2014-0160) is resolved in ssl/d1_both.c and ssl/t1_lib.c and not in files under crypto/ ... To say more I have to take a look into the build process.
So if it turns out to be true that the bug is in libssl, and not libcrypto (which so far seems like a reasonable guess, but has not yet been confirmed), then the following lsof should work to report active processes which are still vulnerable:
lsof -n | grep -E libssl | grep -i DEL
The -i makes the grep case-insensitive. I've seen both DEL and deleted in the lsof output for various CentOS versions; it's possible that an old lsof could still be running on a box with a vulnerable openssl, though, so it's safest to look for both patterns.
--keith
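The lsof check above, packaged as a small POSIX shell function so it can be run over saved or live `lsof -n` output. This is an added example, not code from either poster; the lsof lines it reads are constructed sample data, not output from a real host. It keeps Keith's two-pattern idea (FD column "DEL" on older lsof, trailing "(deleted)" on newer ones) but anchors the match on those exact tokens so a "del" buried in an unrelated path does not produce a false hit, and it takes the library name as a parameter so the same check can be pointed at libcrypto if the fix turns out to live there after all.

```shell
#!/bin/sh
# Constructed sample of `lsof -n` output (NOT captured from a real system).
# httpd still maps a libssl that was replaced on disk ("(deleted)" form),
# nginx shows the same condition in the older "DEL" FD-column form,
# sshd maps the current libssl and should not be reported.
SAMPLE_LSOF='COMMAND   PID   USER FD  TYPE DEVICE SIZE/OFF   NODE NAME
httpd    1234 apache mem REG  253,0   409216 131093 /usr/lib64/libssl.so.1.0.1e (deleted)
httpd    1234 apache mem REG  253,0  1976568 131094 /usr/lib64/libcrypto.so.1.0.1e
nginx    2345  nginx DEL REG  253,0          131093 /usr/lib64/libssl.so.1.0.1e
sshd     3456   root mem REG  253,0   409216 131095 /usr/lib64/libssl.so.1.0.1e'

# Read lsof output on stdin and print "PID COMMAND" for every process that
# still has a mapping of $1 (default: libssl) whose file has been deleted or
# replaced on disk, i.e. a process that loaded the old library and has not
# been restarted since the package update.  One line per process.
stale_lib_procs() {
    lib="${1:-libssl}"
    grep -F "$lib" \
        | grep -E '[[:space:]]DEL[[:space:]]|\(deleted\)' \
        | awk '{ print $2, $1 }' \
        | sort -u
}

# Run the check against the constructed sample (returns the report on stdout).
check_sample() {
    printf '%s\n' "$SAMPLE_LSOF" | stale_lib_procs libssl
}

check_sample
```

On a live box the same function is used as `lsof -n | stale_lib_procs libssl` (or `stale_lib_procs libcrypto`); an empty result only means no running process holds a stale copy of that library, not that the installed package is itself fixed, so pair it with the package version check.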