Found a pest in Coppermine directory Found a pest in Coppermine directory
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Found a pest in Coppermine directory

Started by cybrguy, October 02, 2007, 02:41:00 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

cybrguy

I found a file in my userpics directory that most av vendors are calling a 'hacktool'.  Should there be a script in that directory called up_php.rar?  If not, I wonder how it got there...?

Nibbler

Make sure you are running an up-to-date version of Coppermine. That file should be treated as a rar (compressed archive) file by your server and is therefore harmless.

cybrguy

I happened to find that file as I was backing up my pics to do the update.  Avira freaked.  Apparently it is a script for running shell commands.

My question is, is this part of a normal install, or did someone drop this on me?

Nibbler

It's an exploit for previous versions of Coppermine, uploaded by a malicious visitor/bot. You are running a more-up-date version of Coppermine so there is no risk from this.

cybrguy

Actually I'm having trouble getting the upgrade to take.  I'm still using 1.4.10.  Is that vulnerable?

Nibbler

The file is named up_php.rar so there is no problem. If it were named up.php.rar then then there may be a problem. If you have problems updating use the update support section of the forum.

cybrguy

Well, since the file isn't yours I deleted it anyway, so it can't be a problem.

I'll go over to the update support section when I have a little more time.  Thanks.