[VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability

From: hologram (holo@brained.org)
Date: Mon Mar 11 2002 - 21:36:35 EST

• Next message: H D Moore: "[VulnWatch] exploiting the zlib bug in openssh"
• Previous message: Marc Maiffret: "[VulnWatch] ADVISORY: Windows Shell Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

The following is a quick shell script to find suid binaries that are
potentially affected by the zlib vulnability (i.e., those dynamically
linked).

-[snip]-----------------------------------------------------------------

#!/bin/sh
# zlibscan by hologram <holo@brained.org>
# This will scan to find suid binaries potentially affected by the zlib
# vulnerablity. These are important directories for the Linux system,
# try different ones for other systems (i.e., /usr/etc, /usr/local/bin).
(ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
(ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst

-[snap]-----------------------------------------------------------------

- hologram

• Next message: H D Moore: "[VulnWatch] exploiting the zlib bug in openssh"
• Previous message: Marc Maiffret: "[VulnWatch] ADVISORY: Windows Shell Overflow"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:21:35 EDT