[24674] in bugtraq
Re: zlibscan : script to find suid binaries possibly affected
daemon@ATHENA.MIT.EDU (Guy Poizat)
Wed Mar 13 21:14:12 2002
Message-Id: <5.1.0.14.0.20020313114921.00a6b200@pop.partsonline.fr>
Date: Wed, 13 Mar 2002 11:51:45 +0100
To: holo@brained.org, bugtraq@securityfocus.com, vulnwatch@vulnwatch.org
From: Guy Poizat <poizat@partsonline.fr>
In-Reply-To: <Pine.BSO.4.33.0203112131260.11537-100000@brained.org>

Could be worth also checking for sgid binaries using
"find -perm -4000 -or -perm -2000"
And the real paranoid would instead check for all execs.

--
Guy

At 03:36 12/03/2002, hologram wrote:
>Hi,
>
>The following is a quick shell script to find suid binaries that are
>potentially affected by the zlib vulnerability (i.e., those dynamically
>linked).
>
>-[snip]-----------------------------------------------------------------
>
>#!/bin/sh
># zlibscan by hologram <holo@brained.org>
># This will scan to find suid binaries potentially affected by the zlib
># vulnerability. These are important directories for the Linux system,
># try different ones for other systems (i.e., /usr/etc, /usr/local/bin).
># ldd lists zlib under its shared-library name (libz.so.N), so match that.
>(ldd `find /bin -perm -4000` 2> /dev/null | grep 'libz\.so') > zlib.lst
>(ldd `find /sbin -perm -4000` 2> /dev/null | grep 'libz\.so') >> zlib.lst
>(ldd `find /usr/bin -perm -4000` 2> /dev/null | grep 'libz\.so') >> zlib.lst
>(ldd `find /etc -perm -4000` 2> /dev/null | grep 'libz\.so') >> zlib.lst
>(ldd `find /var -perm -4000` 2> /dev/null | grep 'libz\.so') >> zlib.lst
>
>-[snap]-----------------------------------------------------------------
>
>- hologram
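
Added example, not part of either message above: a scan that combines the two suggestions in this thread, listing setuid and setgid files whose ldd output shows a dynamic dependency on zlib and keeping the path of each hit. The function names, the script name in the usage comment and the directories passed in are assumptions; statically linked copies of zlib are not detected by this method.

```shell
#!/bin/sh
# Added example (not hologram's script): list setuid/setgid files that are
# dynamically linked against zlib. Function names are assumptions.

# links_libz: read ldd output on stdin; succeed if libz.so[.N] is listed.
# Anchored so that names such as libzip.so do not match.
links_libz() {
    grep -Eq '(^|[[:space:]/])libz\.so(\.[0-9]+)*([[:space:]]|$)'
}

# scan_dirs DIR...: print an `ls -ld` line for each suid or sgid regular
# file under the given directories whose ldd output names libz.
# Missing directories are skipped.
scan_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        while IFS= read -r bin; do
            if ldd "$bin" 2>/dev/null | links_libz; then
                ls -ld "$bin"
            fi
        done
    done
}

# Usage (hypothetical file name):
#   sh zscan.sh /bin /sbin /usr/bin /usr/sbin /usr/local/bin
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Run it as root so that binaries unreadable to ordinary users are not silently skipped. Some ldd versions obtain dependencies by invoking the program's loader, so where the binaries themselves are not trusted, read the NEEDED entries with `objdump -p` instead.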