Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Adam <adam () cfar umd edu>
Date: Tue, 12 Mar 2002 22:14:05 -0500 (EST)

#!/bin/sh
(ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
(ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst

few comments:

1) wasn't the library called 'libz' instead of 'zlib'? at least
   so it is called on my system:

        # rpm -q -l zlib
         /usr/lib/libz.so.1

2) ldd is just shell wrapper, so for system wide search it is more
   efficent to call ld-linux directly (at least for linux systems)
   for example

        # ldd /sbin/askrunlevel | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x400fa000)

        # /lib/ld-linux.so.2 --list /sbin/askrunlevel | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x400e4000)

3) you are forgetting that library can call in turn call other
   libraries. so searching binary directories is not enough. you have
   to, at least, search library directories as well. for example:

        # /lib/ld-linux.so.2 --list /usr/lib/kcalc.so  | grep libz
                libz.so.1 => /usr/lib/libz.so.1 (0x40be3000)

-- 
Adam
http://www.eax.com      The Supreme Headquarters of the 32 bit registers


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault