[24669] in bugtraq
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability
daemon@ATHENA.MIT.EDU (Jean-loup Gailly)
Wed Mar 13 18:35:59 2002
Message-ID: <15503.40261.515162.26435@kerla.poseidon-tech.com>
Date: Wed, 13 Mar 2002 19:41:09 +0100
From: Jean-loup Gailly <jloup@gzip.org>
To: <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
In-Reply-To: <Pine.BSO.4.33.0203112131260.11537-100000@brained.org>
Reply-To: Jean-loup Gailly <jloup@gzip.org>
hologram writes:
> The following is a quick shell script to find suid binaries that are
> potentially affected by the zlib vulnability (i.e., those dynamically
> linked).
> #!/bin/sh
> (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
[...]
Florian Weimer <weimer@cert.uni-stuttgart.de> has written find-zlib
http://cert.uni-stuttgart.de/files/fw/find-zlib
which will do a much better job of finding applications using zlib.
A partial list of such applications is given in
http://www.gzip.org/zlib/apps.html
Thanks to Roman Drahtmueller <draht@suse.de> for contributing most of
this list.
Jean-loup
