Bugtraq mailing list archives

Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

From: Dimitry Andric <dim () xs4all nl>
Date: Wed, 13 Mar 2002 13:17:21 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-12 at 03:36:35 hologram wrote:

h> The following is a quick shell script to find suid binaries that
h> are potentially affected by the zlib vulnability (i.e., those
h> dynamically linked).
==snip==
h> (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst

You might want to search for "libz", because most systems use
libz.so.NN as the filename for the zlib shared libary. Also, why don't
you simply search off the root directory?

Cheers,
- --
Dimitry Andric <dim () xs4all nl>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
Lbh ner abj va ivbyngvba bs gur QZPN

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBPI81SbBeowouIJajEQKPrgCglDtC+CE3y82BQdfENl6E8usfApEAn1Pz
8wpSVOudsmoUmivQHdg9zYdo
=gpjk
-----END PGP SIGNATURE-----

Current thread:

zlibscan : script to find suid binaries possibly affected by zlib vulnerability hologram (Mar 12)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Adam (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Florian Weimer (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Jean-loup Gailly (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Dimitry Andric (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Guy Poizat (Mar 13)
- <Possible follow-ups>
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Bernd Jendrissek (Mar 13)