```bash
#! /bin/bash
# Modified to run both (redundantly, yes, I know, I am paranoid, you should be too) checks
#
set -eu
# find path to liblzma used by sshd
# (|| true: under set -e a failed grep would otherwise abort before the checks below)
path="$(ldd "$(which sshd)" | grep liblzma | grep -o '/[^ ]*' || true)"
echo 'Check one: does it even exist?'
# does it even exist?
if [ "$path" == "" ]
then
    echo probably not vulnerable
    # exit
fi
echo 'Check 2: function signature'
# check for function signature
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
    echo probably vulnerable
else
    echo probably not vulnerable
fi
```
Suggestion to not use the hexdump as it needs to be installed separately on most distros:
```bash
#! /bin/bash
# Modified to run both checks using xxd or od as fallback
set -eu
# Find path to liblzma used by sshd
# (|| true: under set -e a failed grep would otherwise abort before the -z check below)
path_cve_2024_3094="$(ldd "$(which sshd 2>/dev/null)" | grep liblzma | grep -oP '/[^ ]+' || true)"
# Check if the path was found
if [ -z "$path_cve_2024_3094" ]; then
    echo "liblzma not found in the sshd dependencies. Your system might not be vulnerable or sshd is not installed."
    exit 1
fi
echo 'Check one: does it even exist?'
# Check if the file exists
if [ ! -f "$path_cve_2024_3094" ]; then
    echo "The liblzma file does not exist at the detected path: $path_cve_2024_3094. Probably not vulnerable."
    exit 1
fi
echo 'Check 2: function signature'
# Function to check for vulnerability using xxd or od
check_vulnerability() {
    local path="$1"
    # Check if xxd is available
    if command -v xxd > /dev/null; then
        xxd -p "$path" | tr -d '\n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable"
    elif command -v od > /dev/null; then
        # Use od as a fallback
        od -v -t x1 -An "$path" | tr -d ' \n' | grep -q 'f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410' && echo "probably vulnerable" || echo "probably not vulnerable"
    else
        echo "Neither xxd nor od is available on this system. Cannot perform signature check."
        exit 1
    fi
}
check_vulnerability "$path_cve_2024_3094"
```
You should not use ldd on unsafe binaries:
https://jmmv.dev/2023/07/ldd-untrusted-binaries.html
https://lore.kernel.org/linux-man/[email protected]/t/#u
I have updated your script @Sn0w3y with the suggestion of @eliehalimi to not use ldd. Changes I have made are:
```bash
path_to_sshd=$(which sshd 2>/dev/null)
/lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd"
linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd")
path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')"
```
I did not want to clutter up the comment section. I have put an updated script in my gist here: https://gist.github.com/amaddio/d95391c48562f6f40235ab5e839bc1ee
Great, thanks!
This script messes with the global environment variable path. I would change it to rename the variable path, e.g. `path_cve_2024_3094="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"`
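
Following the ldd discussion above, an added example (not part of the gist or of any commenter's script): it runs the same signature check over liblzma files found on disk, so no binary is handed to ldd or the dynamic loader, and it matches on byte boundaries rather than on the raw hex string. The function names and the directories in the usage comment are assumptions.

```bash
#!/bin/bash
# Added example (not from the gist): look for the signature in liblzma files
# on disk, so neither ldd nor the dynamic loader is run against any binary.

# Signature string copied from the scripts on this page (34 bytes as hex).
SIG='f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410'

# Returns 0 if FILE contains the signature on a byte boundary, 1 if it does
# not, 2 if FILE cannot be read.
has_signature() {
    [ -r "$1" ] || return 2
    # "f30f1e..." -> "f3 0f 1e ...": keeping the separators makes the match
    # byte-aligned, so a hit cannot start in the middle of a byte.
    spaced=$(printf '%s' "$SIG" | sed 's/../& /g; s/ $//')
    od -v -An -t x1 "$1" | tr '\n' ' ' | tr -s ' ' | grep -qF -- "$spaced"
}

# Prints a verdict for every regular file named liblzma.so* under the given
# directories. Returns 1 if any file matched, 0 otherwise.
scan_dirs() {
    find "$@" -type f -name 'liblzma.so*' 2>/dev/null | {
        hits=0
        while IFS= read -r f; do
            if has_signature "$f"; then
                echo "probably vulnerable: $f"
                hits=$((hits + 1))
            else
                echo "signature not found: $f"
            fi
        done
        [ "$hits" -eq 0 ]
    }
}

# Usage (the directories are an assumption, adjust per distro):
#   bash scan.sh /lib /lib64 /usr/lib /usr/lib64
[ "$#" -eq 0 ] || scan_dirs "$@"
```

This reports every liblzma copy under the given directories, not only the one sshd would load.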