Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

From: Guy Poizat (poizatat_private)
Date: Wed Mar 13 2002 - 02:51:45 PST


    Could be worth also checking for sgid binaries using
    "find -perm -4000 -or -perm -2000"
    
    And the real paranoid would instead check for all execs.
    
    --
             Guy
    
    At 03:36 12/03/2002, hologram wrote:
    >Hi,
    >
    >The following is a quick shell script to find suid binaries that are
    >potentially affected by the zlib vulnerability (i.e., those dynamically
    >linked).
    >
    >-[snip]-----------------------------------------------------------------
    >
    >#!/bin/sh
    ># zlibscan by hologram <holoat_private>
    ># This will scan to find suid binaries potentially affected by the zlib
    ># vulnerability. These are important directories for the Linux system,
    ># try different ones for other systems (i.e., /usr/etc, /usr/local/bin).
    ># ldd lists zlib under its shared-object name (libz.so), so grep for "libz".
    >(ldd `find /bin -perm -4000` 2> /dev/null | grep libz) > zlib.lst
    >(ldd `find /sbin -perm -4000` 2> /dev/null | grep libz) >> zlib.lst
    >(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep libz) >> zlib.lst
    >(ldd `find /etc -perm -4000` 2> /dev/null | grep libz) >> zlib.lst
    >(ldd `find /var -perm -4000` 2> /dev/null | grep libz) >> zlib.lst
    >
    >-[snap]-----------------------------------------------------------------
    >
    >- hologram
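
Added example, not part of the original thread or of either poster's script: a per-file variant of the scan that also covers set-gid binaries, as the reply suggests, and reports the path of each binary whose ldd output names the zlib shared object (libz.so). The function names are illustrative; the directory list in the usage comment is the one from hologram's script.

```shell
#!/bin/sh
# Added example: list set-uid and set-gid files that are dynamically
# linked against zlib. Function names here are illustrative.

# Print regular files under the given directories that have the
# set-uid (4000) or set-gid (2000) bit set.
find_privileged() {
    find "$@" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Read ldd output on stdin; succeed if it lists the zlib shared object.
# ldd prints the soname, e.g. "libz.so.1 => /usr/lib/libz.so.1 (0x...)".
lists_zlib() {
    grep -q 'libz\.so'
}

# Run ldd on one file at a time so every hit is reported with its path.
# Files that are not dynamic executables produce no match and are skipped.
zlibscan() {
    find_privileged "$@" | while IFS= read -r f; do
        if ldd "$f" 2>/dev/null | lists_zlib; then
            printf '%s\n' "$f"
        fi
    done
}

# Usage: sh zlibscan.sh /bin /sbin /usr/bin /etc /var > zlib.lst
if [ "$#" -gt 0 ]; then
    zlibscan "$@"
fi
```

Statically linked binaries do not appear in ldd output, so this covers only the dynamically linked case the original script targets.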
    


