I was asked this morning if we were vulnerable to this flaw (documented at http://openssl.org/news/secadv_20150709.txt). I threw this together real quick. I know there are other ways of doing it, but this was a simple and quick method that allowed us to check all our servers and be done with it.
Step 1. Created an Extended Object for Linux Servers running remotely with the following command:
openssl version | grep -e 1.0.2c -e 1.02.b -e 1.0.1n -e 1.01o > /dev/null && echo "OpenSSL vulnerable" || echo "OpenSSL not vulnerable"
Step 2. Ran an audit against a server that was "not vulnerable".
Step 3. Read the results ;-)
Hope this can help someone else. Cheers!