[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

what actually uses xdr_mem.c?



Idea is cool, but it just won't work on staticaly linked files, you can 
test this with:

# readelf -a /bin/ls

for example :(

I don't think there is 100% way of telling whether staticaly linked file 
is linked against vulnerable xdr_mem.o, especially because obviously 
rcsid string is undefined in source file.
Exept of course searching for machine bytes composing vulnerable code :)

Regards,
Uros Juvan

D J Hawkey Jr wrote:

>On Mar 26, at 02:00 PM, Simon Barner wrote:
>  
>
>>As far as I understood your script, it scans the output of "readelf -a", and
>>prints that file name if and only if this output contains "XDR" or "xdr". Will
>>this work if the binary is stripped (sorry in case I just overlooked something
>>stupid :-)
>>    
>>
>
>Yes, it does. AFAIK, all base (and port?) software is [by default] stripped
>on installation, and the environment I tested that command with had stripped
>binaries.
>
>That isn't "stupid"; it took me a little while to work up that command
>(I didn't even know about readelf(1) until someone mentioned it to me).
>I'm no ELF expert - I'm no anything expert - but it appears that the ELF
>format itself contains these "labels".
>
>  
>
>>Regards,
>> Simon
>>    
>>
>
>Dave
>
>  
>