Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
/home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    The file is recreated at the next update, and found again the next day.

    Any idea ?
     
    #1 cglmicro, Sep 5, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPanelMichael, Sep 7, 2015
  3. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
     
    #3 cglmicro, Sep 10, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,711
    Likes Received:
    1,794
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
8f69732e1186668cd9e4e28000f802d0  diff
    Thus, it looks like a false positive.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #4 cPanelMichael, Sep 10, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - ClamAV found exploit
  1. Michaelit

    SOLVED Clamav daemon vs Daily Scan

    Michaelit, Apr 27, 2018, in forum: Security
    Replies:
    16
    Views:
    215
    Michaelit
    May 9, 2018
  2. Elizabeta

    SOLVED Clamav update question

    Elizabeta, Mar 21, 2018, in forum: General Discussion
    Replies:
    7
    Views:
    388
    Elizabeta
    Mar 23, 2018
  3. EneTar

    Initiated new Clamav scan through cPanel. Results location?

    EneTar, Feb 12, 2018, in forum: Security
    Replies:
    3
    Views:
    226
    cPanelMichael
    Mar 9, 2018
  4. Venomous21

    Clamav .99.2 vulnerabilities

    Venomous21, Jan 25, 2018, in forum: Security
    Replies:
    7
    Views:
    431
    cPanelMichael
    Mar 26, 2018
  5. Felipe G

    SOLVED clamav command line install

    Felipe G, Dec 3, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    502
    cPanelMichael
    Dec 4, 2017

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice