The remote code execution (RCE) vulnerability, or “shoplift” bug, was reported to us by Check Point Software Technologies in late January 2015. It affects both Magento Enterprise Edition and Magento Community Edition and allows attackers to obtain control over a store and its sensitive data, including personal customer information. Magento issued a patch for this issue on February 9, 2015.

To determine if your site has been patched, enter your URL in the search box above.

If your site has not been patched, we strongly urge you to implement the following patches to address the issue highlighted by Check Point Security Technologies, as well as a previous issue resolved in October 2014 (SUPEE-1533). All Enterprise Edition patches can be found in the Magento Support Portal and Community Edition patches can be found on the Magento Community Edition download page.

• If you are on Magento Enterprise Edition 1.14.2.0, then you are protected, as both patches were integrated into this build
• If you are on Magento Enterprise Edition E 1.14.1.0, then please apply patch SUPEE-5344 only. SUPEE-1533 was integrated into this build
• If you are on Magento Enterprise Edition 1.13.0.0 to 1.14.0.1, then please apply both patches, SUPEE-5344 and SUPEE-1533
• If you are on Magento Enterprise Edition 1.12.0.2 and lower, then please apply SUPEE-1533 and the appropriate patch for your version:
  • Magento Enterprise Edition 1.12.0.x: PATCH_SUPEE-5345_EE_1.12.0.2_v1.sh
  • Magento Enterprise Edition 1.11.1.0 thru EE 1.11.2.0: PATCH_SUPEE-5346_EE_1.11.1.0_v1.sh
  • Magento Enterprise Edition 1.11.0.x: PATCH_SUPEE-5341_EE_1.11.0.0_v1.sh
  • Magento Enterprise Edition 1.10.1.x: PATCH_SUPEE-5390_EE_1.10.1.0_v1.sh
  • Magento Enterprise Edition 1.7.0.0 thru 1.10.0.2: PATCH_SUPEE-5388_EE_1.8.0.0_v1.sh

• Patches for Magento Community Edition 1.4-1.9.1 are available from the Magento Community Edition download page.
• For versions prior to Magento Community Edition 1.3, please refer to this thread on Magento Forums: http://community.magento.com/t5/Version-Upgrades/Is-Magento-CE-1-3-vulnerable-to-Shoplift/m-p/3812#M157.
• Note, you will need SSH access to the server to apply the official patch. If you do not have SSH access, please refer to this thread on Magento Forums: http://community.magento.com/t5/Version-Upgrades/Install-SPEE-5344-patch-without-SSH-use-FTP/m-p/4004.

We recommend that you look for the following signs to determine if your site has potentially been compromised:

• Check your list of administrator users for unknown accounts. We have seen vpwq and defaultmanager being used, but any unknown account is suspicious
• Check your Magento installation for any unknown files that were recently created and are suspicious. Compare all files to your code repository or staging server.
• Check server access log files for request POST /index.php/admin/Cms_Wysiwyg/directive/index/ coming from unknown IP addresses.
• Run a tool to check for trojans (e.g. chkrootkit)
• Check for wrong permissions
• Check for hidden files
• Check for suspicious ports being opened (command: netstat -nap | grep LISTEN )
• Check for any port redirections on OS level (sample command: iptables -L -n)

If you suspect that the site is compromised, contact the security department of your hosting company for an audit.

If you have several sites to check or you simply prefer to use our API, send a request like this:

Optionally, you can force the API to check in https mode:

Finally, if your admin path is more than one level deep, replace slashes with exclamation points, like this:

While a large number of merchants have successfully downloaded the patch, many still have not done so. Please act now to ensure that your Magento store is secure!

Zie ook de volgende url: http://magento.com/security-patch