Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

• Previous message: Christopher X. Candreva: "Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris"
• In reply to: hologram: "zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
• Next in thread: Guy Poizat: "Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2002-03-12 at 03:36:35 hologram wrote:

h> The following is a quick shell script to find suid binaries that
h> are potentially affected by the zlib vulnability (i.e., those
h> dynamically linked).
==snip==
h> (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst

You might want to search for "libz", because most systems use
libz.so.NN as the filename for the zlib shared libary. Also, why don't
you simply search off the root directory?

Cheers,
- --
Dimitry Andric <dimat_private>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
Lbh ner abj va ivbyngvba bs gur QZPN

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBPI81SbBeowouIJajEQKPrgCglDtC+CE3y82BQdfENl6E8usfApEAn1Pz
8wpSVOudsmoUmivQHdg9zYdo
=gpjk
-----END PGP SIGNATURE-----

• Next message: Alex Hernandez: "Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)"
• Previous message: Christopher X. Candreva: "Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris"
• In reply to: hologram: "zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
• Next in thread: Guy Poizat: "Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Mar 13 2002 - 15:46:32 PST