Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

From: Adam <adam () cfar umd edu>
Date: Tue, 12 Mar 2002 22:14:05 -0500 (EST)
#!/bin/sh
(ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
(ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst


few comments:

1) wasn't the library called 'libz' instead of 'zlib'? at least
   so it is called on my system:

        # rpm -q -l zlib
         /usr/lib/libz.so.1

2) ldd is just shell wrapper, so for system wide search it is more
   efficent to call ld-linux directly (at least for linux systems)
   for example

        # ldd /sbin/askrunlevel | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x400fa000)

        # /lib/ld-linux.so.2 --list /sbin/askrunlevel | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x400e4000)

3) you are forgetting that library can call in turn call other
   libraries. so searching binary directories is not enough. you have
   to, at least, search library directories as well. for example:

        # /lib/ld-linux.so.2 --list /usr/lib/kcalc.so  | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x40be3000)

-- 
Adam
http://www.eax.com      The Supreme Headquarters of the 32 bit registers
Previous By Date Next
Previous By Thread Next

Current thread: