Thanks Mike but still i have a couple of questions. How can I check the way OpenSSH is built? By checking its folder and its files in there?
If openssl is used truly by other apps, then is it possible to be able to check somehow its version? Because in windows box u cannot execute openssl commands unless u have its .exe file, right? Finally, a possible upgrade of openssl version in such cases as my scanner suggests would not be possible I guess without upgrading the app which uses it, right? Thank you again in advance. Argyris Begin forwarded message: > From: "Michael S. Zick" <open...@morethan.org> > Date: 12 May 2011 14:22:58 GMT+01:00 > To: openssl-users@openssl.org > Subject: Re: vulnerability management > Reply-To: openssl-users@openssl.org > > On Thu May 12 2011, Argyris Ps wrote: >> >> Hi all, >> >> >> I have run a vulnerability scanning against some systems and some >> vulnerabilities have come up related with OpenSSL. However, some of them >> have not 443 port open or have nothing but a single file named as openSSL >> inside some other's application folder. I asked about the operation of that >> application and whether it uses openSSL somehow. It does not. Not to mention >> that OpenSSL does not appear among the tasks or services running. >> >> >> Sometimes, I find OpenSSH being used but not OpenSSL. Does that use any >> OpenSSL libraries? >> > > OpenSSH can be built against the OpenSSL (or other) libraries. > So it is possible that is why your seeing OpenSSL use, check your build > of OpenSSH to see how it was created. > > Although many applications build against the OpenSSL libraries, so the > OpenSSH that you see may not be the only reason you see the OpenSSL usage. > > Mike >> >> I am trying to understand how my vulnerability scanner detects OpenSSL in >> cases like the ones I described above... >> >> >> Is there any way to check whether OpenSSL is being used by a system (eg. >> Windows server)? >> >> >> >> >> I would appreciate anyone's help with this as I am not experienced with >> OpenSSL. >> >> >> >> >> Thank you. > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
