Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Alexander Skwar · ‎08-08-2006

Hello!

Yesterday, a hole in ClamAV was discovered, which might lead to remote code execution. See http://www.overflow.pl/adv/clamav_upx_heap.txt

To fix this issue, the ClamAV guys released a new version - 0.88.4.

Does anyone know, if the 0.88.2 from the Internet Express is vulnerable and if so, when will a fixed version be released?

Thanks,
Alexander

spex · ‎08-08-2006

Hi Alexander,

From the link you provided:

Affected version: Prior to 0.88.3

So yes, 0.88.2 is vulnerable. I'm not sure when HP expects to release a fix. Why don't you just upgrade to the latest version now?

PCS

Alexander Skwar · ‎08-08-2006

I'd like to have a depot, so that I can see the software in the "package management" tool of HP-UX.

But I don't know (yet), how to make depots.

Alexander Skwar · ‎08-08-2006

I'm trying to compile it now, and fail:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
*** FehlerrÃ¼ckkehrcode 1

Stopp.
*** FehlerrÃ¼ckkehrcode 1

Stopp.
*** FehlerrÃ¼ckkehrcode 1

Stopp.

The last command, that got executed was:

gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib

This was in the clamscan directory.

When I run the command myself manually, I get:

[15:44:18 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o c>
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld gab 1 als Ende-Status zurÃ¼ck
[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $

Why can't it open the library? It's in /usr/local/lib and this directory is in the list of searched library directories:

-L/usr/local/lib

[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ ls -la /usr/local/lib/libgmp.sl
-r-xr-xr-x 1 root sys 581632 2006-07-14 23:53 /usr/local/lib/libgmp.sl

I installed gmp-4.2.1 from the porting centre: http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/gmp-4.2.1/

Thanks,
Alexander

Alexander Skwar · ‎08-08-2006

I now upgraded gcc to 4.1.1 from http://hp.com/go/gcc, and now zlib cannot be found anymore.

*THAT* is the reason, why I did not "just" compile clamav. I don't like compiling on HP - why can't it be as easy as on Gentoo Linux? :(

Alexander Skwar · ‎08-08-2006

As bzip2 couldn't be linked in, I also installed the 32bit version of GCC, but now compilation fails again:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
/opt/hp-gcc/bin/hppa1.1-hp-hpux11.11-gcc-4.1.1 -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
gmake[2]: *** [clamscan] Error 1

*AAAAAHHHHHHH* :(

I *HATE* compiling on HP-UX :( I really do.

Alexander Skwar · ‎08-10-2006

Spex,
how did you get ClamAV to compile?

Alexander Skwar · ‎08-10-2006

I now removed bzip2 from the system and compilation now fails like this:

ld: Unable to load shared library "/opt/langtools/lib/libcomp.sl"
Fatal error.

Why does it have to be, that HP is so much more cumbersome as Linux? :( Especially, when it comes to compiling software? :((

Alexander Skwar · ‎08-14-2006

I contacted HP support. They'll see to get ClamAV 0.88.4 compiled by the end of the month(!).

That's *VERY* bad! About THREE weeks to fix a remote exploitable hole in a security software?

Wow. :(

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Updates to ClamAV from Internet Express to fix Remote exploitation?