Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability

From: Bernd Jendrissek (berndj@prism.co.za)
Date: 03/13/02


Date: Wed, 13 Mar 2002 14:24:05 +0200
From: Bernd Jendrissek <berndj@prism.co.za>
To: bugtraq@securityfocus.com

In article <Pine.BSO.4.33.0203112131260.11537-100000@brained.org> hologram <holo@brained.org> wrote:
>The following is a quick shell script to find suid binaries that are
>potentially affected by the zlib vulnerability (i.e., those dynamically
>linked).
>
>-[snip]-----------------------------------------------------------------
[snip again]

I'm more concerned about *statically* linked binaries, since dynamically
linked binaries should automagically use the patched libz when it is
installed.

# find / -type f -print0 | xargs -0 strings -af | grep '\(in\|de\)flate.*\(Gailly\|Adler\)'
(Apologies to Gailly and Adler.)

Besides the usual suspects (/usr/lib/libz*, etc.) here are some binaries I
would consider "sensitive":
> /bin/rpm
> /sbin/install-info
"Never install packages from untrusted sources"
> /sbin/sash
Understandable, sa == Stand-Alone
> lots of stuff under /usr/X11R6/bin - of course
> /usr/bin/rpm2cpio
> /usr/bin/cvs
So anoncvs can "fix" gcc to become like dmr's trusting-trust C compiler?
> /usr/bin/rsync
> /usr/lib/kaffe/libawt-1.0.6.so
> some stuff under /usr/lib/perl5
> /usr/sbin/pppdump
Now all you need to do is dial up and send some bogus compressed PPP?
Unlimited ISP access? Neat!

Bernd Jendrissek
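The one-liner above depends on binutils' strings(1) and reports a raw match per line. As an added example (not part of the post or of any zlib tooling), the following Python script does the same embedded-copy inventory in pure Python: it walks a tree like find(1), applies the post's grep pattern to each file's bytes, and records the zlib version number from the banner so the result can be compared against whatever version the fix ships in. The sample tree it builds under a temporary directory is constructed for the demonstration; the banner strings are modelled on the "inflate/deflate <version> Copyright ... Mark Adler / Jean-loup Gailly" text zlib 1.1.x compiles into inflate.c and deflate.c, which is the assumption the pattern rests on.

```python
import os
import re
import tempfile
from typing import Dict, List, Optional

# Byte-level equivalent of the post's grep pattern: an inflate/deflate banner
# followed, within the same run of printable ASCII, by one of the zlib authors.
ZLIB_BANNER = re.compile(rb'(?:in|de)flate[ -~]*?(?:Gailly|Adler)')
# Version number that zlib places right after the word inflate/deflate.
VERSION_IN_BANNER = re.compile(r'(?:in|de)flate (\d+(?:\.\d+)+)')


def find_zlib_banners(data: bytes) -> List[str]:
    """Return every zlib copyright banner found in a blob of file bytes."""
    return [m.decode('ascii', 'replace') for m in ZLIB_BANNER.findall(data)]


def embedded_zlib_version(banners: List[str]) -> Optional[str]:
    """Pull the version out of a banner such as 'inflate 1.1.3 Copyright ...'."""
    for banner in banners:
        m = VERSION_IN_BANNER.match(banner)
        if m:
            return m.group(1)
    return None


def scan_tree(root: str) -> List[Dict[str, object]]:
    """Walk `root` like `find -type f` and report files carrying an embedded zlib.

    Paths come back relative to root, sorted; symlinks and unreadable files
    are skipped, as the original find -type f | xargs pipeline would skip them.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, 'rb') as fh:
                    banners = find_zlib_banners(fh.read())
            except OSError:
                continue
            if banners:
                hits.append({
                    'path': os.path.relpath(path, root),
                    'version': embedded_zlib_version(banners),
                    'banners': banners,
                })
    return sorted(hits, key=lambda h: h['path'])


def build_sample_tree() -> str:
    """Create a constructed mini-filesystem (not real binaries): one statically
    linked tool with an embedded zlib, the shared library itself, and a clean
    dynamically linked tool that only names libz.so and embeds no banner."""
    root = tempfile.mkdtemp(prefix='zlibscan-')
    samples = {
        'sbin/static-tool': (b'\x7fELF' + b'\x00' * 12
                             + b'inflate 1.1.3 Copyright 1995-1998 Mark Adler\x00'
                             + b'deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly\x00'),
        'lib/libz.so.1.1.3': (b'\x7fELF'
                              + b'deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly\x00'),
        'bin/clean-tool': b'\x7fELF' + b'libz.so.1\x00' + b'nothing embedded here\x00',
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, 'wb') as fh:
            fh.write(content)
    return root


if __name__ == '__main__':
    # Point scan_tree at '/' for a real inventory; the sample tree keeps it offline.
    for hit in scan_tree(build_sample_tree()):
        print(f"{hit['path']}: zlib {hit['version']} ({len(hit['banners'])} banner(s))")
```

The dynamically linked sample produces no hit, which is the point of the post: only files that carry their own copy of the inflate/deflate code show up, and those are the ones a libz package update will not fix.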
