Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ClamAV found exploit in cpanel/cpaddons/../Wordpress

Discussion in 'Security' started by cglmicro, Sep 5, 2015.

  1. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi guys.

    Since August 31st, every daily ClamAV scan found this:
    Code:
    /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: Html.Exploit.CVE_2014_1804 FOUND
/home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff: moved to '/virus_vault//diff.005'
    The file is recreated at the next update, and found again the next day.

    Any idea ?
     
    #1 cglmicro, Sep 5, 2015
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you verify that you are referring to the cPanel update? Please post the md5sum of this file:

    Code:
    md5sum /path/to/file
    Thank you.
     
    #2 cPanelMichael, Sep 7, 2015
  3. cglmicro

    cglmicro Member

    Joined:
    Oct 14, 2013
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    With pleasure, here it is:
    Code:
    root@smart [~]# md5sum /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
8f69732e1186668cd9e4e28000f802d0  /home/virtfs/cglmicro/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8/diff
     
    #3 cglmicro, Sep 10, 2015
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello :)

    This matches the file on a test system:

    Code:
    root@vps [/usr/local/cpanel/cpaddons/cPanel/Blogs/WordPress/upgrade/2.7.1_2.8]# md5sum diff
8f69732e1186668cd9e4e28000f802d0  diff
    Thus, it looks like a false positive.

    Thank you.
     
    #4 cPanelMichael, Sep 10, 2015
(You must log in or sign up to post here.)
Loading...
Similar Threads - ClamAV found exploit
  1. Elizabeta

    SOLVED Clamav update question

    Elizabeta, Mar 21, 2018, in forum: General Discussion
    Replies:
    7
    Views:
    159
    Elizabeta
    Mar 23, 2018
  2. EneTar

    Initiated new Clamav scan through cPanel. Results location?

    EneTar, Feb 12, 2018, in forum: Security
    Replies:
    3
    Views:
    158
    cPanelMichael
    Mar 9, 2018
  3. Venomous21

    Clamav .99.2 vulnerabilities

    Venomous21, Jan 25, 2018, in forum: Security
    Replies:
    7
    Views:
    370
    cPanelMichael
    Mar 26, 2018
  4. Felipe G

    SOLVED clamav command line install

    Felipe G, Dec 3, 2017, in forum: General Discussion
    Replies:
    2
    Views:
    341
    cPanelMichael
    Dec 4, 2017
  5. equens

    SOLVED ClamAV email question

    equens, Nov 23, 2017, in forum: E-mail Discussions
    Replies:
    10
    Views:
    463
    cPanelMichael
    Feb 21, 2018

Share This Page