Bugtraq mailing list archives
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
From: Bernd Jendrissek <berndj () prism co za>
Date: Wed, 13 Mar 2002 14:24:05 +0200
In article <Pine.BSO.4.33.0203112131260.11537-100000 () brained org> hologram <holo () brained org> wrote:
> The following is a quick shell script to find suid binaries that are potentially affected by the zlib vulnerability (i.e., those dynamically linked).
>
> -[snip]-----------------------------------------------------------------

[snip again]

I'm more concerned about *statically* linked binaries, since dynamically linked binaries should automagically use the patched libz when it is installed.

# find / -type f -print0 |xargs -0 strings -af |grep '\(in\|de\)flate.*\(Gailly\|Adler\)'

(Apologies to Gailly and Adler.)

Besides the usual suspects (/usr/lib/libz*, etc.) here are some binaries I would consider "sensitive":

/bin/rpm
/sbin/install-info
"Never install packages from untrusted sources"
/sbin/sash
Understandable, sa == Stand-Alone
lots of stuff under /usr/X11R6/bin - of course
/usr/bin/rpm2cpio
/usr/bin/cvs
So anoncvs can "fix" gcc to become like dmr's trusting-trust C compiler?
/usr/bin/rsync
/usr/lib/kaffe/libawt-1.0.6.so
some stuff under /usr/lib/perl5
/usr/sbin/pppdump
Now all you need to do is dial up and send some bogus compressed PPP? Unlimited ISP access? Neat!

Bernd Jendrissek
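Added example, not part of the original post: a Python variant of the find/strings/grep one-liner above that also reports which zlib version banner each file embeds, whether the file is setuid/setgid, and whether it is libz itself. The function names, the banner regex and the "libz." filename check are assumptions of this example.

```python
import mmap
import os
import re
import stat
import sys

# zlib embeds banners of the form (constructed sample):
#   " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "
BANNER = re.compile(
    rb"(inflate|deflate) (\d+(?:\.\d+)+[\w.-]*) Copyright [\d-]+ "
    rb"(?:Jean-loup Gailly|Mark Adler)"
)

def zlib_banners(path):
    """Return the set of (component, version) banners found in one file."""
    try:
        with open(path, "rb") as fh:
            if os.fstat(fh.fileno()).st_size == 0:
                return set()              # mmap rejects empty files
            with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as data:
                return {(m.group(1).decode(), m.group(2).decode())
                        for m in BANNER.finditer(data)}
    except (OSError, ValueError):
        return set()                      # unreadable or unmappable: skip

def scan(root):
    """Yield (path, versions, is_setid, is_libz) for files embedding zlib."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue                  # like find -type f: skip symlinks
            found = zlib_banners(path)
            if found:
                versions = sorted({ver for _comp, ver in found})
                setid = bool(st.st_mode & (stat.S_ISUID | stat.S_ISGID))
                yield path, versions, setid, name.startswith("libz.")

if __name__ == "__main__":
    for path, versions, setid, is_libz in scan(sys.argv[1] if sys.argv[1:] else "/"):
        kind = "libz itself" if is_libz else "embedded copy"
        flag = " [setuid/setgid]" if setid else ""
        print(f"{path}: zlib {','.join(versions)} ({kind}){flag}")
```

Files reported as "embedded copy" are the ones a libz package update does not fix; compare the reported version with the patched release named in your vendor's advisory.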