Home page logo

bugtraq logo Bugtraq mailing list archives

Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Bernd Jendrissek <berndj () prism co za>
Date: Wed, 13 Mar 2002 14:24:05 +0200

In article <Pine.BSO.4.33.0203112131260.11537-100000 () brained org> hologram <holo () brained org> wrote:
The following is a quick shell script to find suid binaries that are
potentially affected by the zlib vulnability (i.e., those dynamically

[snip again]

I'm more concerned about *statically* linked binaries, since dynamically
linked binaries should automagically use the patched libz when it is

# find / -type f -print0 |xargs -0 strings -af |grep '\(in\|de\)flate.*\(Gailly\|Adler\)'
(Apologies to Gailly and Adler.)

Besides the usual suspects (/usr/lib/libz*, etc.) here are some binaries I
would consider "sensitive":
"Never install packages from untrusted sources"
Understandable, sa == Stand-Alone
lots of stuff under /usr/X11R6/bin - of course
So anoncvs can "fix" gcc to become like dmr's trusting-trust C compiler?
some stuff under /usr/lib/perl5
Now all you need to do is dial up and send some bogus compressed PPP?
Unlimited ISP access?  Neat!

Bernd Jendrissek

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]