Security vulnerability is found in the PHPUnit/Mailchimp library for Drupal


According to the Drupal Security Team's Public Service Advisory PSA-2011-002 - External libraries and plugins, an exploit has been found in a third-party library shipped with Drupal sites, and the team has published details today.

Current PHPUnit/Mailchimp library exploit

A vulnerability that is being actively exploited on some Drupal sites has been detected. It lies in PHPUnit and is tracked as CVE-2017-9841. The exploit targets Drupal sites that currently or previously used the Mailchimp or Mailchimp Ecommerce module and still have a vulnerable version of the file [library-path]/eval-stdin.php on disk (the library can remain after the module is disabled or removed). See below for how to tell whether a file is vulnerable. The vulnerable file may sit at other paths on your individual site, but an automated attack is in circulation that probes that specific path over HTTP. A successful request executes attacker-supplied PHP on the server.
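Because the attack probes the file over HTTP, the web server access log is the quickest place to see whether your site has been scanned or hit. The script below is an added example, not code from the Drupal advisory or from AltaGrade: it flags every request for eval-stdin.php in an Apache/nginx "combined"-format log and counts the POSTs separately, since the exploit has to send the PHP payload in the request body. The log lines, IP addresses and library paths are constructed sample data, not real traffic.

```shell
#!/bin/sh
# Added example: find requests for PHPUnit's eval-stdin.php in an access log.
# Assumes Apache/nginx "combined" log format, where the request line is quoted.

# Print every request whose target ends in eval-stdin.php, whatever the
# directory prefix and whatever the response status: a 404 still means
# someone is scanning for the file.
eval_stdin_hits() {
    grep -E '"(GET|POST|HEAD) [^" ]*eval-stdin\.php' "$1"
}

# Count POST requests only. A GET is reconnaissance; a POST carries a body
# and is an actual execution attempt. "|| true" keeps a zero count from
# being reported as a failure under "set -e".
eval_stdin_post_count() {
    grep -cE '"POST [^" ]*eval-stdin\.php' "$1" || true
}

# Constructed sample log (not real traffic) so the script runs offline.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
203.0.113.5 - - [10/Dec/2017:03:14:07 +0000] "GET /sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Dec/2017:03:14:08 +0000] "POST /sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Dec/2017:03:15:00 +0000] "GET /user/login HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Dec/2017:03:16:21 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 213 "-" "python-requests/2.18"
EOF

eval_stdin_hits "$SAMPLE_LOG"
echo "POST attempts: $(eval_stdin_post_count "$SAMPLE_LOG")"
```

On a real site run the functions against your rotated logs as well as the live one, and treat a POST that received a 200 as a sign the server may already have executed attacker code, which calls for a full incident response rather than just an update.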

Solution

Follow release announcements by the vendors of the external libraries and plugins you use.

In this specific case, check for the existence of a file named eval-stdin.php and inspect its contents. If it matches the new version in this commit, it is safe. If the file reads from php://input, the codebase is vulnerable; the patched version reads from php://stdin instead (the fix shipped in PHPUnit 4.8.28 and 5.6.3). A vulnerable copy indicates only that the site is exploitable, not that it has been compromised. To fix the vulnerability, update your libraries; in particular, make sure the Mailchimp and Mailchimp Ecommerce modules and their libraries are updated.
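The following script carries out that check over a whole codebase. It is an added example, not code from the Drupal advisory or from AltaGrade: it locates every eval-stdin.php under a directory, regardless of which library it belongs to, and classifies each copy by whether it reads php://input. The fixture it creates is constructed for the demonstration and reduces each file to the single line that matters; the directory names are arbitrary.

```shell
#!/bin/sh
# Added example: classify every eval-stdin.php under a Drupal codebase.
# Assumes POSIX find/grep. A copy reading php://input (the HTTP request body)
# is the vulnerable version; the patched version reads php://stdin.

# Print "VULNERABLE <path>" or "PATCHED <path>" for each copy found under $1.
check_eval_stdin() {
    find "$1" -type f -name 'eval-stdin.php' | while IFS= read -r f; do
        if grep -q 'php://input' "$f"; then
            echo "VULNERABLE $f"
        else
            echo "PATCHED $f"
        fi
    done
}

# Number of vulnerable copies under $1; usable as a deploy gate.
# "|| true" keeps grep's exit status 1 on zero matches from aborting "set -e".
vulnerable_count() {
    check_eval_stdin "$1" | grep -c '^VULNERABLE' || true
}

# Constructed fixture: one pre-fix copy and one patched copy of the file.
FIXTURE="$(mktemp -d)"
mkdir -p "$FIXTURE/old" "$FIXTURE/new"
printf '%s\n' '<?php' "eval('?>'.file_get_contents('php://input'));" \
    > "$FIXTURE/old/eval-stdin.php"
printf '%s\n' '<?php' "eval('?>'.file_get_contents('php://stdin'));" \
    > "$FIXTURE/new/eval-stdin.php"

check_eval_stdin "$FIXTURE"
echo "vulnerable copies: $(vulnerable_count "$FIXTURE")"
```

Run check_eval_stdin against the Drupal root rather than only the Mailchimp library directory, because the advisory notes the file may live at other paths on a given site, and a second PHPUnit copy pulled in by another library is just as exposed. Deleting or renaming a vulnerable copy closes the hole immediately, but the library update is still the real fix, since the next library install would bring the old file back.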

If your website uses the Mailchimp-related modules and libraries and you are not sure how to proceed, please contact the AltaGrade team and we will do our best to assist you promptly.

Nick Onom
Marketing Project Manager
Enthusiastic about all kinds of Open Source applications, AI and bitcoin, but mostly Drupal and Backdrop. For the last few years he has been actively developing AltaGrade's new back-end system.
