[EMAIL PROTECTED] wrote:
I am tasked with identifying which systems in our network required this patch. I have a tool that can search files for particular data. Is there a value in a file on vulnerable systems that can positively identify which systems need the patch?
If you're referring to CVE-2007-5502 (http://www.openssl.org/news/secadv_20071129.txt) then the answer is "not really". The OpenSSL FIPS Object Module is just that, an object module embedded in application binary runtime code. For any given instantiation (embedding in an application) of that object module there will be distinctive patterns (such as the internal HMAC-SHA-1 digest used for the integrity test), but there is no single such value common to all instantiations of the OpenSSL FIPS Object Module.
And even more to the point, there is currently no patch to apply, nor will there be until the CMVP approves the revised version that was submitted last Thursday. That will take perhaps another week, then the software vendors will need to rework their applications accordingly. Only then will you have patches to apply.
-Steve M. -- Steve Marquess Open Source Software Institute [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
