Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Guy Poizat <poizat () partsonline fr>
Date: Wed, 13 Mar 2002 11:51:45 +0100

Could be worth also checking for sgid binaries using
"find -perm -4000 -or -perm -2000"

And the real paranoid would instead check for all execs.

--
        Guy

At 03:36 12/03/2002, hologram wrote:
Hi,

The following is a quick shell script to find suid binaries that are
potentially affected by the zlib vulnability (i.e., those dynamically
linked).

-[snip]-----------------------------------------------------------------

#!/bin/sh
# zlibscan by hologram <holo () brained org>
# This will scan to find suid binaries potentially affected by the zlib
# vulnerablity. These are important directories for the Linux system,
# try different ones for other systems (i.e., /usr/etc, /usr/local/bin).
(ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
(ldd `find /sbin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /etc -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst
(ldd `find /var -perm -4000` 2> /dev/null | grep zlib) >> zlib.lst

-[snap]-----------------------------------------------------------------

- hologram


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault