Bugtraq mailing list archives
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Guy Poizat <poizat () partsonline fr>
Date: Wed, 13 Mar 2002 11:51:45 +0100
Could be worth also checking for sgid binaries using "find -perm -4000 -or -perm -2000" And the real paranoid would instead check for all execs. -- Guy At 03:36 12/03/2002, hologram wrote:
Hi, The following is a quick shell script to find suid binaries that are potentially affected by the zlib vulnability (i.e., those dynamically linked). -[snip]----------------------------------------------------------------- #!/bin/sh # zlibscan by hologram <holo () brained org> # This will scan to find suid binaries potentially affected by the zlib # vulnerablity. These are important directories for the Linux system, # try different ones for other systems (i.e., /usr/etc, /usr/local/bin). (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst (ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst (ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst -[snap]----------------------------------------------------------------- - hologram
Current thread:
- zlibscan : script to find suid binaries possibly affected by zlib vulnerability hologram (Mar 12)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Adam (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Florian Weimer (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Jean-loup Gailly (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Dimitry Andric (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Guy Poizat (Mar 13)
- <Possible follow-ups>
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Bernd Jendrissek (Mar 13)