[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
what actually uses xdr_mem.c?
- Subject: what actually uses xdr_mem.c?
- From: uros.juvan at arnes.si (Uros Juvan)
- Date: Wed Mar 26 05:47:15 2003
Idea is cool, but it just won't work on staticaly linked files, you can
test this with:
# readelf -a /bin/ls
for example :(
I don't think there is 100% way of telling whether staticaly linked file
is linked against vulnerable xdr_mem.o, especially because obviously
rcsid string is undefined in source file.
Exept of course searching for machine bytes composing vulnerable code :)
D J Hawkey Jr wrote:
>On Mar 26, at 02:00 PM, Simon Barner wrote:
>>As far as I understood your script, it scans the output of "readelf -a", and
>>prints that file name if and only if this output contains "XDR" or "xdr". Will
>>this work if the binary is stripped (sorry in case I just overlooked something
>Yes, it does. AFAIK, all base (and port?) software is [by default] stripped
>on installation, and the environment I tested that command with had stripped
>That isn't "stupid"; it took me a little while to work up that command
>(I didn't even know about readelf(1) until someone mentioned it to me).
>I'm no ELF expert - I'm no anything expert - but it appears that the ELF
>format itself contains these "labels".
Visit your host, monkey.org