
Updates to ClamAV from Internet Express to fix Remote exploitation?

 
Alexander Skwar
Frequent Advisor

Hello!

Yesterday, a hole in ClamAV was discovered, which might lead to remote code execution. See http://www.overflow.pl/adv/clamav_upx_heap.txt

To fix this issue, the ClamAV guys released a new version - 0.88.4.

Does anyone know if the 0.88.2 from Internet Express is vulnerable and, if so, when a fixed version will be released?

Thanks,
Alexander
spex
Honored Contributor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Hi Alexander,

From the link you provided:

Affected version: Prior to 0.88.3

So yes, 0.88.2 is vulnerable. I'm not sure when HP expects to release a fix. Why don't you just upgrade to the latest version now?

PCS
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I'd like to have a depot, so that I can see the software in the "package management" tool of HP-UX.

But I don't know (yet) how to make depots.

Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I'm trying to compile it now, and fail:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
*** Fehlerrückkehrcode 1

Stopp.
*** Fehlerrückkehrcode 1

Stopp.
*** Fehlerrückkehrcode 1

Stopp.




The last command that got executed was:

gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib

This was in the clamscan directory.

When I run the command myself manually, I get:

[15:44:18 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ gcc -g -O2 -o .libs/clamscan output.o getopt.o memory.o c>
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld gab 1 als Ende-Status zurück
[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $


Why can't it open the library? It's in /usr/local/lib and this directory is in the list of searched library directories:

-L/usr/local/lib

[15:44:22 vz6tml@dewuib07:~/Source/clamav-0.88.4/clamscan] $ ls -la /usr/local/lib/libgmp.sl
-r-xr-xr-x 1 root sys 581632 2006-07-14 23:53 /usr/local/lib/libgmp.sl

I installed gmp-4.2.1 from the porting centre: http://hpux.cs.utah.edu/hppd/hpux/Maths/Misc/gmp-4.2.1/

Thanks,
Alexander

Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I now upgraded gcc to 4.1.1 from http://hp.com/go/gcc, and now zlib cannot be found anymore.

*THAT* is the reason why I did not "just" compile clamav. I don't like compiling on HP - why can't it be as easy as on Gentoo Linux? :(
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

As bzip2 couldn't be linked in, I also installed the 32-bit version of GCC, but now compilation fails again:

libtool: link: warning: this platform does not like uninstalled shared libraries
libtool: link: `clamscan' will be relinked during installation
/opt/hp-gcc/bin/hppa1.1-hp-hpux11.11-gcc-4.1.1 -g -O2 -o .libs/clamscan output.o getopt.o memory.o cfgparser.o misc.o clamscan.o options.o others.o manager.o treewalk.o -L/usr/local/lib ../libclamav/.libs/libclamav.sl -lbz2 /usr/local/lib/libgmp.sl -L/opt/iexpress/curl/lib /opt/iexpress/curl/lib/libcurl.sl -lssl -lcrypto -lz -lpthread -lnsl -Wl,+b -Wl,/u/vz6tml/Source/clamav-0.88.4/libclamav/.libs:/usr/local/lib:/opt/iexpress/curl/lib:/opt/clamav/lib
/usr/ccs/bin/ld: Can't open libgmp.sl
/usr/ccs/bin/ld: No such file or directory
collect2: ld returned 1 exit status
gmake[2]: *** [clamscan] Error 1

*AAAAAHHHHHHH* :(

I *HATE* compiling on HP-UX :( I really do.
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

Spex,
how did you get ClamAV to compile?
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I now removed bzip2 from the system and compilation now fails like this:

ld: Unable to load shared library "/opt/langtools/lib/libcomp.sl"
Fatal error.

Why does it have to be that HP is so much more cumbersome than Linux? :( Especially when it comes to compiling software? :((
Alexander Skwar
Frequent Advisor

Re: Updates to ClamAV from Internet Express to fix Remote exploitation?

I contacted HP support. They'll see to getting ClamAV 0.88.4 compiled by the end of the month(!).

That's *VERY* bad! About THREE weeks to fix a remotely exploitable hole in security software?

Wow. :(