Well, there's more than one way to skin a cat. Below is how I skinned it.
```sh
#!/bin/sh
# List executables and shared objects that import gethostbyname* from glibc
# (the symbol shows up as undefined, type "U", in the dynamic symbol table).

EXE_DIRECTORIES="/bin /sbin /usr/bin /usr/local/bin"
SO_DIRECTORIES="/lib /lib64 /usr/local/lib"

FILES=
VULNERABLE=

echo "Generating file list..."

for d in $EXE_DIRECTORIES ; do
    TEMP=`find "$d" -type f -executable -exec file -i '{}' \; | grep 'x-executable; charset=binary' | cut -f 1 -d:`
    for t in $TEMP ; do
        FILES="$FILES $t"
    done
done

for d in $SO_DIRECTORIES ; do
    # Shared objects are reported as x-sharedlib and are usually not marked executable
    TEMP=`find "$d" -type f -exec file -i '{}' \; | grep 'x-sharedlib; charset=binary' | cut -f 1 -d:`
    for t in $TEMP ; do
        FILES="$FILES $t"
    done
done

echo "Testing executables..."

# Count while iterating so the totals match the list printed at the end
COUNT1=0
COUNT2=0
for f in $FILES ; do
    COUNT1=$(( COUNT1 + 1 ))
    COUNT=`nm -D "$f" 2>/dev/null | grep gethostbyname | grep -c -w U`
    if [ "$COUNT" -ne 0 ]; then
        VULNERABLE="$VULNERABLE $f"
        COUNT2=$(( COUNT2 + 1 ))
    fi
done

echo "Examined components: $COUNT1"
echo "Vulnerable components: $COUNT2"
echo "*****************************"

for v in $VULNERABLE ; do
    echo "$v"
done
```
On a typical Ubuntu 14 development system, here's what I am getting:
```
$ ./glibc-check.sh
Generating file list...
Testing executables...
Examined components: 961
Vulnerable components: 32
*****************************
/bin/ss
/bin/hostname
/bin/tar
/bin/cpio
/bin/netstat
/bin/ping
/bin/mt-gnu
/sbin/agetty
/sbin/route
/sbin/rarp
/sbin/ifconfig
/sbin/getty
/usr/bin/logger
/usr/bin/git-upload-pack
/usr/bin/aseqnet
/usr/bin/git
/usr/bin/telnet.netkit
/usr/bin/getent
/usr/bin/mtr
/usr/bin/mtools
/usr/bin/gethostip
/usr/bin/gdb
/usr/bin/tracepath
/usr/bin/python3.4m
/usr/bin/python2.7
/usr/bin/arping
/usr/bin/python3.4
/usr/bin/traceroute6.iputils
/usr/bin/openssl
/usr/bin/git-shell
/usr/bin/rsync
```
But it's only a subset of the 19000+ packages that depend on libc6 (it's only the installed packages; and it's only components in well known locations):
```
$ apt-cache rdepends libc6 | wc -l
19125
```
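As an added example (not part of the original answer), the same `nm -D` check can be refined to report which `gethostbyname*` variant each file imports, ignoring symbols a file defines itself and stripping `@GLIBC_x.y` version suffixes. The function names `imported_resolvers` and `check_file` are hypothetical, and the sample `nm -D` output is constructed for illustration.

```sh
#!/bin/sh
# Added example: report which gethostbyname* variants a file imports.

# Constructed sample of `nm -D` output (not taken from a real binary).
sample_nm_output() {
cat <<'EOF'
                 U connect@GLIBC_2.2.5
                 U gethostbyname@GLIBC_2.2.5
                 U gethostbyname2_r@GLIBC_2.2.5
0000000000004010 T my_gethostbyname_wrapper
                 w __gmon_start__
                 U getaddrinfo
EOF
}

# Read `nm -D` output on stdin and print the imported gethostbyname*
# function names, one per line, sorted and de-duplicated.
imported_resolvers() {
    awk '
        # Undefined symbols carry no address, so field 1 is the type
        # letter and field 2 is the symbol name.
        $1 == "U" {
            name = $2
            sub(/@.*/, "", name)    # drop the @GLIBC_x.y version suffix
            # Exact names only: gethostbyname, gethostbyname2 and their _r forms
            if (name ~ /^gethostbyname(2)?(_r)?$/) print name
        }' | sort -u
}

# Print the variants imported by one file on a single line
# (empty if none, or if the file has no dynamic symbol table).
check_file() {
    nm -D "$1" 2>/dev/null | imported_resolvers | tr '\n' ' '
}

# Stand-alone use: ./script.sh /bin/ping /usr/bin/rsync ...
for f in "$@" ; do
    printf '%s: %s\n' "$f" "$(check_file "$f")"
done
```

A file that only defines a symbol with a similar name, or glibc itself (which defines rather than imports these functions), produces no output here.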