oss-sec mailing list archives
minor problem on detect_sh.bin
From: Lam Bruce <brucelam1982pi () gmail com>
Date: Fri, 5 Apr 2024 11:01:59 +0800
Hi, I tried detect_sh.bin from the end of https://www.openwall.com/lists/oss-security/2024/03/29/4 no out put message, then I figured out to comment out set -eu in detect_sh.bin. Here is the modified script, in public domain. #! /bin/bash #set -eu #some variables are likely to be unset in the original detect_sh.bin, #detect_sh.bin will exit, so please add # before 'set -eu' #Generally, set -eu is a good idea for scripts(finding bugs, avoid unintended damage), #but in this case, it is not. ;-) # chmod u+x ./detect_sh_2024-04-05.bin # ./detect_sh_2024-04-05.bin #Modified by BruceLam on 2024-04-05 # find path to liblzma used by sshd path="" sshd_path=$(which sshd) if [ "" == "$sshd_path" ]; then echo 'no sshd here. probably not vulnerable. Good luck :-)' exit else path="$(ldd $sshd_path | grep liblzma | grep -o '/[^ ]*')" fi # does it even exist? if [ "$path" == "" ] then echo probably not vulnerable exit fi # check for function signature signature=f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410 if hexdump -ve '1/1 "%.2x"' "$path" | grep -q "$signature" then echo probably vulnerable else echo probably not vulnerable fi #end of script Use open source, libre software to make to world better, :-) Best Wishes Bruce Lam
Attachment:
detect_sh_2024-04-05.bin
Description:
Current thread:
- minor problem on detect_sh.bin Lam Bruce (Apr 05)