
Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

 
Alexander Skwar
Frequent Advisor

Updates to ClamAV from Internet Express to fix Remote exploitation?

Hello!

Yesterday, a hole in ClamAV was discovered, which might lead to remote code execution. See http://www.overflow.pl/adv/clamav_upx_heap.txt

To fix this issue, the ClamAV guys released a new version - 0.88.4.

Does anyone know if the 0.88.2 from the Internet Express is vulnerable and, if so, when a fixed version will be released?

Thanks,
Alexander
spex
Honored Contributor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Hi Alexander,

From the link you provided:

Affected version: Prior to 0.88.3

So yes, 0.88.2 is vulnerable. I'm not sure when HP expects to release a fix. Why don't you just upgrade to the latest version now?

PCS
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I'd like to have a depot, so that I can see the software in the "package management" tool of HP-UX.

But I don't know (yet) how to make depots.

Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I'm trying to compile it now, and failing:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
*** Fehlerrückkehrcode 1

Stopp.
*** Fehlerrückkehrcode 1

Stopp.
*** Fehlerrückkehrcode 1

Stopp.




The last command that got executed was:

gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib

This was in the clamscan directory.

When I run the command myself manually, I get:

[15:44:18 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o c>
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld gab 1 als Ende-Status zurück
[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $


Why can't it open the library? It's in /usr/local/lib and this directory is in the list of searched library directories:

-L/usr/local/lib

[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ ls -la /usr/local/lib/libgmp.sl
-r-xr-xr-x 1 root sys 581632 2006-07-14 23:53 /usr/local/lib/libgmp.sl

I installed gmp-4.2.1 from the porting centre: http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/gmp-4.2.1/

Thanks,
Alexander

Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I now upgraded gcc to 4.1.1 from http://hp.com/go/gcc, and now zlib cannot be found anymore.

*THAT* is the reason why I did not "just" compile clamav. I don't like compiling on HP - why can't it be as easy as on Gentoo Linux? :(
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

As bzip2 couldn't be linked in, I also installed the 32-bit version of GCC, but now compilation fails again:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
/opt/hp-gcc/bin/hppa1.1-hp-hpux11.11-gcc-4.1.1 -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
gmake[2]: *** [clamscan] Error 1

*AAAAAHHHHHHH* :(

I *HATE* compiling on HP-UX :( I really do.
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Spex,
how did you get ClamAV to compile?
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I now removed bzip2 from the system and compilation now fails like this:

ld: Unable to load shared library "/opt/langtools/lib/libcomp.sl"
Fatal error.

Why does it have to be that HP is so much more cumbersome than Linux? :( Especially when it comes to compiling software? :((
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I contacted HP support. They'll see to getting ClamAV 0.88.4 compiled by the end of the month(!).

That's *VERY* bad! About THREE weeks to fix a remotely exploitable hole in security software?

Wow. :(