ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    
    The file is recreated at the next update, and found again the next day.

    Any idea?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
  3. cglmicro

    cglmicro Member

    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
    8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
    
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
    8f69732e1186668cd9e4e28000f802d0  diff
    
    Thus, it looks like a false positive.

    Thank you.
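
The check carried out in this thread (hash the flagged file, compare it with the same file on a clean system) can be scripted over a whole ClamAV log. The following is an added example, not code from the thread or from cPanel. It assumes a manifest in `sha256sum` output format taken on a clean reference system, uses SHA-256 where the thread used `md5sum`, and assumes the `/home/virtfs/USER` prefix in the scan log mirrors the real `/usr/local/cpanel/...` path shown in the last reply. `SCAN_ROOT` is a hypothetical variable used only to test against a scratch directory.

```shell
#!/bin/sh
# Added example, not from the thread: triage ClamAV hits against known-good hashes.
# Assumptions: the manifest is `sha256sum` output ("hash  path", no spaces in paths)
# from a clean reference system; SCAN_ROOT is a hypothetical prefix for offline tests.
SCAN_ROOT=${SCAN_ROOT:-}

# Map a virtfs path back to the real path it mirrors, e.g.
# /home/virtfs/USER/usr/local/cpanel/... -> /usr/local/cpanel/...
canonical_path() {
    printf '%s\n' "$1" | sed 's#^/home/virtfs/[^/]*/#/#'
}

# Print the expected hash for a canonical path, or nothing if it is not listed.
expected_hash() {
    awk -v p="$1" '$2 == p { print $1; exit }' "$2"
}

# Read a ClamAV log on stdin; for every "PATH: SIGNATURE FOUND" line print
# "VERDICT SIGNATURE PATH", where VERDICT is one of:
#   MATCH    - identical to the reference copy (likely false positive)
#   MISMATCH - differs from the reference copy (investigate)
#   UNLISTED - no reference hash for this path
#   MISSING  - file no longer at that path (e.g. already quarantined)
triage_clamav_log() {
    manifest=$1
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;
            *) continue ;;   # skip "moved to" and summary lines
        esac
        path=${line%%: *}
        sig=${line#*: }; sig=${sig% FOUND}
        want=$(expected_hash "$(canonical_path "$path")" "$manifest")
        if [ ! -f "$SCAN_ROOT$path" ]; then
            verdict=MISSING
        elif [ -z "$want" ]; then
            verdict=UNLISTED
        else
            have=$(sha256sum < "$SCAN_ROOT$path" | awk '{ print $1 }')
            if [ "$have" = "$want" ]; then verdict=MATCH; else verdict=MISMATCH; fi
        fi
        printf '%s %s %s\n' "$verdict" "$sig" "$path"
    done
}
```

Call it as `triage_clamav_log manifest.txt < clamav.log`. A MATCH only shows that the flagged file is byte-identical to the reference copy, so the manifest has to come from a system you trust.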
     