Rackspace Cloud Sites Customers,
On April 20, 2015, Check Point Software Technologies published details (http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/) of Magento vulnerabilities that eBay Enterprise (Magento) had patched on February 9, 2015 as SUPEE-5344 (https://www.magentocommerce.com/products/downloads/magento/ ; http://www.magentocommerce.com/knowledge-base/entry/ee-connect-patches). The vulnerability chain has been given the vanity name 'Shoplift'. Because the patch has been available since February, the publication of exploit details now puts unpatched stores at immediate risk.
The Dutch hosting company Byte has released a tool that helps Magento store owners determine whether their installation is still vulnerable (https://shoplift.byte.nl).
Magento displays a prominent notice in the admin panel when security patches are available, so you may already have patched your environment. Nevertheless, if you run the Magento platform (Community Edition or Enterprise Edition), regardless of hosting provider, we strongly suggest you verify that your Magento code base has actually been patched rather than assuming it has. The simplest way to do this is to run the Byte tool against your store (https://shoplift.byte.nl).
For customers whose stores are still vulnerable, two courses of action are currently available:
1. Apply the patches. Both are available on Magento's Enterprise Support Portal or the Community Download Page, and both should be applied (SUPEE-5344 assumes SUPEE-1533 is already in place):
   - SUPEE-5344 – Addresses a potential remote code execution exploit (added Feb 9, 2015)
   - SUPEE-1533 – Addresses two potential remote code execution exploits (added Oct 3, 2014)
2. Put a Web Application Firewall, such as CloudFlare, in front of the store to block the exploit requests until the patches can be applied: https://blog.cloudflare.com/new-magento-waf-rule-rce-vulnerability-protection/ . A WAF rule is a mitigation, not a fix; the code base still needs to be patched.
A compromise through this vulnerability typically shows up as an unknown administrative account in the Magento Admin control panel. For that reason, customers should review every admin account, confirm that each username and email address belongs to a known person, delete any account that cannot be accounted for, and reset the passwords of the remaining accounts. Pay particular attention to accounts created after February 9, 2015.
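The two checks recommended above (is the code base patched, and are there unknown admin accounts) can be scripted so they can be repeated across many stores. The following is an added example written for this notice; it is not Rackspace, Byte or Magento code. It assumes that a Magento 1 installation records each applied SUPEE patch as one pipe-separated line in app/etc/applied.patches.list with the patch name in the second field and a REVERT marker on lines written when a patch is rolled back, and that the admin accounts have been exported from the admin_user table as a list of dicts. The sample patch list and admin rows below are constructed for illustration.

```python
"""Offline checks for the Shoplift (SUPEE-5344 / SUPEE-1533) advisory.

Added example, not vendor code. Assumptions are marked in comments.
"""
from datetime import datetime

# Patches a Magento 1 store must have applied to be protected against Shoplift.
REQUIRED_PATCHES = ("SUPEE-5344", "SUPEE-1533")

# Date SUPEE-5344 was released; admin accounts created on or after it deserve a closer look.
PATCH_RELEASE_DATE = datetime(2015, 2, 9)

# Constructed sample of app/etc/applied.patches.list: SUPEE-1533 applied,
# SUPEE-5344 applied and then reverted (the third line is the revert record).
SAMPLE_APPLIED_PATCHES = """\
2014-10-05 09:12:44 UTC | SUPEE-1533 | CE_1.9.0.1 | v1 | (hash) | Multiple remote code execution fixes
2015-02-11 14:03:10 UTC | SUPEE-5344 | CE_1.9.0.1 | v1 | (hash) | Remote code execution fix
2015-02-12 08:00:00 UTC | SUPEE-5344 | CE_1.9.0.1 | v1 | (hash) | REVERT
"""

# Constructed sample of `SELECT username, email, created, is_active FROM admin_user;`
SAMPLE_ADMIN_ROWS = [
    {"username": "admin", "email": "ops@example.com",
     "created": "2013-05-02 10:14:00", "is_active": 1},
    {"username": "webdev", "email": "dev@example.com",
     "created": "2014-11-20 16:40:31", "is_active": 1},
    {"username": "support_tmp", "email": "h4x@mailinator.example",
     "created": "2015-04-22 03:17:55", "is_active": 1},
]
KNOWN_ADMIN_EMAILS = {"ops@example.com", "dev@example.com"}


def parse_applied_patches(text):
    """Return the set of patch names whose most recent record is an apply, not a revert.

    Assumption: one record per line, fields separated by '|', patch name in field 2,
    and a 'REVERT' marker somewhere on the line when the patch was rolled back.
    """
    state = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) < 2 or not fields[1].startswith("SUPEE-"):
            continue
        # Later lines override earlier ones, so a revert after an apply wins.
        state[fields[1]] = "REVERT" not in line.upper()
    return {name for name, applied in state.items() if applied}


def missing_patches(text, required=REQUIRED_PATCHES):
    """List the required patches that are not currently applied, in the order given."""
    applied = parse_applied_patches(text)
    return [patch for patch in required if patch not in applied]


def audit_admin_users(rows, known_emails, since=PATCH_RELEASE_DATE):
    """Flag admin accounts whose email is not on the known list or that were created since `since`.

    Returns a list of (username, [reasons]) for every flagged account.
    """
    known = {email.lower() for email in known_emails}
    findings = []
    for row in rows:
        reasons = []
        if row["email"].lower() not in known:
            reasons.append("email not in known admin list")
        created = datetime.strptime(row["created"], "%Y-%m-%d %H:%M:%S")
        if created >= since:
            reasons.append("created on/after %s" % since.date())
        if reasons:
            findings.append((row["username"], reasons))
    return findings


if __name__ == "__main__":
    for patch in missing_patches(SAMPLE_APPLIED_PATCHES):
        print("MISSING PATCH:", patch)
    for username, reasons in audit_admin_users(SAMPLE_ADMIN_ROWS, KNOWN_ADMIN_EMAILS):
        print("SUSPICIOUS ADMIN:", username, "-", "; ".join(reasons))
```

On a real store, replace the constructed strings with the contents of app/etc/applied.patches.list and the rows returned by the admin_user query, and treat any flagged account or missing patch as a reason to follow the remediation steps above. A reverted patch is deliberately reported as missing, since the vulnerable code is back in place.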
We strongly suggest customers act quickly, as exploit details for this vulnerability have now been public for several days. As always, please contact the support team if you have any questions.