Bugtraq mailing list archives
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Adam <adam () cfar umd edu>
Date: Tue, 12 Mar 2002 22:14:05 -0500 (EST)
#!/bin/sh (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst (ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
few comments: 1) wasn't the library called 'libz' instead of 'zlib'? at least so it is called on my system: # rpm -q -l zlib /usr/lib/libz.so.1 2) ldd is just shell wrapper, so for system wide search it is more efficent to call ld-linux directly (at least for linux systems) for example # ldd /sbin/askrunlevel | grep libz libz.so.1 => /usr/lib/libz.so.1 (0x400fa000) # /lib/ld-linux.so.2 --list /sbin/askrunlevel | grep libz libz.so.1 => /usr/lib/libz.so.1 (0x400e4000) 3) you are forgetting that library can call in turn call other libraries. so searching binary directories is not enough. you have to, at least, search library directories as well. for example: # /lib/ld-linux.so.2 --list /usr/lib/kcalc.so | grep libz libz.so.1 => /usr/lib/libz.so.1 (0x40be3000) -- Adam http://www.eax.com The Supreme Headquarters of the 32 bit registers
Current thread:
- zlibscan : script to find suid binaries possibly affected by zlib vulnerability hologram (Mar 12)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Adam (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Florian Weimer (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Jean-loup Gailly (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Dimitry Andric (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Guy Poizat (Mar 13)
- <Possible follow-ups>
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Bernd Jendrissek (Mar 13)