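#!/usr/bin/perl
# Coppermine Gallery outdated-installation checker
# Suitable for cPanel servers
# Checks for unpatched files covered in
# http://coppermine-gallery.net/forum/index.php?topic=31671.0 and
# http://coppermine-gallery.net/forum/index.php?topic=32413.0
#
# Written by Richard Chiswell. http://www.rac.me.uk
# 11-Aug-2006.
# Script revision: 0.01
#
# Review notes on this revision of the listing:
#   * The file-handle reads ("<VA>", "<FILE>", "<CONTACTEMAIL>") had been
#     stripped from the published copy, leaving "while ()" and "$line=;".
#     They are restored here with lexical handles.
#   * The original wrote its work file to /root/coppermine.txt, so it is
#     presumably run as root while walking directories that ordinary users
#     control.  Everything read from those directories (file names, file
#     contents, ~/.contactemail) is therefore treated as untrusted: no value
#     from there is passed through a shell, opened with two-argument open,
#     or interpolated into a regex or a mail header without checking.
#   * The /root/coppermine.txt work file is no longer created; the directory
#     walk is done in-process with File::Find.

use strict;
use warnings;

use File::Find    ();
use Sys::Hostname ();

# usermgr.php files whose $Revision$ keyword is below this are reported.
my $MIN_PATCHED_REVISION = 3116;

print "Searching for coppermine files...\n";

# 0 = dry run (only print what would be done);
# 1 = mail the account owner and remove read/execute permission from the file.
my $disableandemail = 0;

while (my @pw = getpwent()) {
    my ($username, $home) = @pw[0, 7];

    # Only cPanel-managed accounts that actually have a web root.
    next unless defined $home && length $home;
    next unless -d "$home/public_html" && -e "/var/cpanel/users/$username";

    # Check 1: usermgr.php older than the patched revision.
    for my $filename (_find_named($home, 'usermgr.php')) {
        my $revision = _svn_revision($filename);
        next unless defined $revision;

        # The capture is [0-9.]+, so it may not be a clean number; compare
        # the way the original did (leading numeric part) without warning.
        my $is_old = do {
            no warnings 'numeric';
            $revision < $MIN_PATCHED_REVISION;
        };
        next unless $is_old;

        # \Q..\E: the home directory is data, not a pattern.
        (my $scriptpath = $filename) =~ s/\A\Q$home\E//;
        sendwarning($username, $home, $scriptpath, $revision, $filename,
            $disableandemail);
    }

    # Check 2: include/functions.inc.php without the patch marker.
    for my $filename (_find_named($home, 'functions.inc.php')) {
        if ($filename !~ /include\/functions.inc.php/) {
            print "Not match\n";
            next;
        }

        my ($found, $patched, $ver) = _scan_functions_inc($filename);
        next unless defined $found;

        # Threshold kept from the original.  Each of the four signals adds
        # one per matching line, so "> 4" needs at least five matching
        # lines in total.  NOTE(review): confirm this is the intended bar.
        next unless $found > 4;
        next if $patched;

        (my $scriptpath = $filename) =~ s/\A\Q$home\E//;
        sendwarning($username, $home, $scriptpath, $ver, $filename,
            $disableandemail);
    }
}
endpwent();

# Return every regular file called $basename below $home/public_html.
# Replaces the original `find ... > /root/coppermine.txt` shell command, so
# neither the home directory nor any file name is ever seen by a shell.
sub _find_named {
    my ($home, $basename) = @_;
    my @hits;

    File::Find::find(
        {
            no_chdir => 1,
            wanted   => sub {
                my $name = $File::Find::name;
                return unless $name =~ m{/\Q$basename\E\z};

                # Same as find's "-type f": symlinks are not regular files.
                return if -l $name;
                return unless -f _;

                # Names with control characters (e.g. newlines) would end up
                # in terminal output and in the mail body; skip them.
                if ($name =~ /[[:cntrl:]]/) {
                    warn "Skipping a $basename under $home/public_html "
                        . "whose path contains control characters\n";
                    return;
                }
                push @hits, $name;
            },
        },
        "$home/public_html",
    );

    return @hits;
}

# Look for an "$Revision: N" keyword in the first 20 lines of $file.
# Returns the captured revision text, or nothing if none was found or the
# file could not be opened.
sub _svn_revision {
    my ($file) = @_;

    # A file can vanish between the directory walk and the open; that must
    # not abort the scan of every remaining account.
    open(my $fh, '<', $file) or do {
        warn "Unable to open $file: $!\n";
        return;
    };

    my $revision;
    for (1 .. 20) {
        my $line = <$fh>;
        last unless defined $line;
        if ($line =~ /\$Revision: ([0-9\.]+)/) {
            $revision = $1;
            last;
        }
    }
    close $fh;

    return $revision;
}

# Scan a functions.inc.php candidate.
# Returns ($signals, $patched, $version):
#   $signals - number of lines matching the Coppermine identification strings
#   $patched - true if the phrase the original script treats as the sign of
#              a patched file ("obscure, misdocumented") is present
#   $version - the three characters captured after "Coppermine version: 1."
#              on the last such line, or '' if there was none
# Returns nothing if the file could not be opened.
sub _scan_functions_inc {
    my ($file) = @_;

    open(my $fh, '<', $file) or do {
        warn "Unable to open $file: $!\n";
        return;
    };

    my ($signals, $patched, $version) = (0, 0, '');
    while (my $line = <$fh>) {
        if ($line =~ /Coppermine version: 1\.([0-9\.][0-9\.][0-9\.])/) {
            $signals++;
            $version = $1;
        }
        $signals++ if $line =~ /Coppermine Photo Gallery 1\./;
        $signals++ if $line =~ /get_meta_album_set_data/;
        $signals++ if $line =~ /Coppermine critical error/;
        $patched = 1 if $line =~ /obscure, misdocumented/;
    }
    close $fh;

    return ($signals, $patched, $version);
}

# Read the account's contact address from $home/.contactemail.
# Returns the address, or nothing when the file is missing, is a symlink,
# or its first line does not look like a single plain address.
sub _contact_email {
    my ($home) = @_;
    my $file = "$home/.contactemail";

    # The file lives in a user-writable directory and is read with the
    # scanner's privileges: refuse anything that is not a plain file so a
    # link cannot point the read at some other file.
    return if -l $file;
    return unless -f _;

    open(my $fh, '<', $file) or return;
    my $line = <$fh>;
    close $fh;
    return unless defined $line;

    $line =~ s/[\r\n]+\z//;

    # The value goes into a "To:" header that sendmail -t parses for
    # recipients, so accept only one conservative addr-spec: no commas,
    # whitespace, angle brackets or line breaks.
    return unless $line =~ /\A[A-Za-z0-9._%+\-]+\@[A-Za-z0-9.\-]+\z/;

    return $line;
}

# Remove read and execute permission for everyone (chmod a-rx) from $file.
sub _disable_file {
    my ($file) = @_;

    my @st = lstat $file;
    unless (@st && -f _) {
        warn "Not changing mode of $file: not a regular file\n";
        return;
    }

    # Keep the write and special bits, clear r and x for user/group/other.
    # NOTE(review): chmod by path still follows a link swapped in after the
    # lstat above; closing that window needs an fchmod on an open handle.
    my $mode = $st[2] & 07777;
    chmod($mode & 07222, $file)
        or warn "Unable to chmod $file: $!\n";

    return;
}

# Report one vulnerable file.
#   $username - account name
#   $userpath - account home directory (where .contactemail is read from)
#   $path     - file path relative to the home directory, used in messages
#   $version  - revision or version string that was detected
#   $filename - full path of the file
#   $send     - 1: mail the owner and disable the file; otherwise only
#               print what would have been done
sub sendwarning {
    my ($username, $userpath, $path, $version, $filename, $send) = @_;

    my $user_email = _contact_email($userpath);

    if ($send == 1) {
        if (defined $user_email) {
            # The original interpolated an undefined $hostname here.
            my $hostname = Sys::Hostname::hostname();

            # List-form pipe open: sendmail is executed directly, no shell.
            if (open(my $mail, '|-', '/usr/sbin/sendmail', '-t')) {
                print {$mail} "To: <$user_email>\n";
                print {$mail} "From: security\@$hostname\n";
                print {$mail} "Subject: Vulnerable Coppermine Gallery Warning!\n\n";
                print {$mail} "*** DO NOT REPLY TO THIS EMAIL: YOUR REPLY WILL *NOT* BE READ ***\n\n";
                print {$mail} "Hello,\n\n";
                print {$mail} "A recent server security scan revealed that your site has a vunerable Coppermine Photo \n";
                print {$mail} "Gallery file at $path . According to this automated scan, this file is revision/version $version \n";
                print {$mail} "which is known to have security vunerabilities.\n";
                print {$mail} "To help ensure the security of the server we are asking you to update your Coppermine insall\n";
                print {$mail} "to the latest version.\n";
                print {$mail} "To protect against this being abused, the file at $path has been disabled.\n";
                print {$mail} "The latest known version of Coppermine is version 1.4.8 . Please upgrade\n";
                print {$mail} "*** DO NOT REPLY TO THIS EMAIL: YOUR REPLY WILL *NOT* BE READ ***\n\n";
                close $mail
                    or warn "sendmail reported a failure for $username\n";
            }
            else {
                warn "Unable to run /usr/sbin/sendmail: $!\n";
            }
        }
        else {
            warn "No usable contact address for $username; mail not sent\n";
        }

        # As in the original, the file is disabled whether or not the mail
        # could be delivered.
        _disable_file($filename);
    }
    else {
        my $shown_email = defined $user_email ? $user_email : '';

        # The original printed the global $revision here, which is stale
        # when the caller passed a version string instead.
        print "Would have sent to $shown_email ($username) about version $version at $path (filename $filename)\n";
    }

    return;
}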