Fwd: Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

Mark Street jet at sonic.net
Wed Mar 13 15:43:59 PST 2002


>From: Jean-loup Gailly <jloup at gzip.org>
>To: <bugtraq at securityfocus.com>, <vulnwatch at vulnwatch.org>
>Subject: Re: zlibscan : script to find suid binaries possibly affected by 
>zlib vulnerability
>X-Mailer: VM 6.89 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid
>Reply-To: Jean-loup Gailly <jloup at gzip.org>
>X-Spam-Status: No, hits=-2.1 required=5.0 tests=IN_REP_TO,RAZOR_CHECK,AWL 
>version=2.20
>
>
>hologram writes:
>
> > The following is a quick shell script to find suid binaries that are
> > potentially affected by the zlib vulnability (i.e., those dynamically
> > linked).
> > #!/bin/sh
> > (ldd `find /bin -perm -4000` 2> /dev/null | grep zlib) > zlib.lst
>[...]
>
>Florian Weimer <weimer at cert.uni-stuttgart.de> has written find-zlib
>http://cert.uni-stuttgart.de/files/fw/find-zlib
>which will do a much better job of finding applications using zlib.
>
>A partial list of such applications is given in
>http://www.gzip.org/zlib/apps.html
>Thanks to Roman Drahtmueller <draht at suse.de> for contributing most of
>this list.
>
>Jean-loup
>
>
>
>---
>
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.330 / Virus Database: 184 - Release Date: 2/28/2002



More information about the talk mailing list