CVE-2024-3094_check.sh

#! /bin/bash
# Modified to run both (redudantly, yes, I know, I am paranoid, you should be too) checks
#
set -eu

# find path to liblzma used by sshd
path="$(ldd $(which sshd) | grep liblzma | grep -o '/[^ ]*')"
echo 'Check one: does it even exist?'
# does it even exist?
if [ "$path" == "" ]
then
	echo probably not vulnerable
	# exit
fi
echo 'Check 2: function signature'
# check for function signature
if hexdump -ve '1/1 "%.2x"' "$path" | grep -q f30f1efa554889f54c89ce5389fb81e7000000804883ec28488954241848894c2410
then
	echo probably vulnerable
else
	echo probably not vulnerable
fi

I have updated your script @Sn0w3y with the suggestion of @eliehalimi to not use ldd. Changes I have made are

path_to_sshd=$(which sshd 2>/dev/null)
/lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd"
linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd")
path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')"

I did not want to clutter up the comment section. I have put an updated script in my gist here: https://gist.github.com/amaddio/d95391c48562f6f40235ab5e839bc1ee

I have updated your script @Sn0w3y with the suggestion of @eliehalimi to not use ldd. Changes I have made are

path_to_sshd=$(which sshd 2>/dev/null)
/lib64/ld-linux-x86-64.so.2 --verify "$path_to_sshd"
linked_sshd_libraries=$(LD_TRACE_LOADED_OBJECTS=1 /lib64/ld-linux-x86-64.so.2 "$path_to_sshd")
path_cve_2024_3094="$(printf "%s" "$linked_sshd_libraries" | grep liblzma | grep -oP '/[^ ]+')"

I did not want to clutter up the comment section. I have put an updated script in my gist here: https://gist.github.com/amaddio/d95391c48562f6f40235ab5e839bc1ee

Great, thanks!