Critical Remote Root Exploit: FTP Server Security Issue: Plesk 9.5.x 10.x
  Post #1 (permalink)   11-12-2010, 09:12 AM
HD Newbie
 
Join Date: May 2009
Posts: 22

Status: rackaid is offline
A critical security issue has been discovered in ProFTPd. This is the FTP server supplied with Plesk.

Today Plesk has announced a patch for the issue:
http://kb.parallels.com/en/9294

History on this issue can be found here:
http://bugs.proftpd.org/show_bug.cgi?id=3521

There was considerable confusion about this issue and what versions of Plesk are impacted. As we understand it, Plesk <= 9.3 is not impacted.

According to the ProFTPd bug reports:
Quote:
Inspecting the sources of versions past indicates that this vulnerability has been present since proftpd-1.3.2rc3.

If you FTP into your server, the ProFTP version will be displayed:

Code:
Connected to localhost.localdomain.
220 ProFTPD 1.3.1 Server (ProFTPD) [127.0.0.1]
500 AUTH not understood
500 AUTH not understood

If your version is 1.3.2rc3 or later, then review the Plesk information about fixing the issue.

There was another Plesk announcement yesterday, but some of the information at that time was incorrect:
http://www.parallels.com/products/plesk/ProFTPD

If you are unsure about your FTP, use Plesk's firewall module to block FTP and/or disable FTP at the command line:

Code:
chkconfig ftp_psa off
service xinetd restart

__________________
Linux server management and hosting services for small business owners who want to run their business not their servers.
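
The banner check described in post #1, as an added example that is not part of the original thread or of ProFTPD/Plesk code: it parses the 220 greeting of your own server and compares the version against the 1.3.2rc3 threshold from the quoted bug report. The function names are hypothetical, and the ordering rule (an `rc` suffix sorts before the plain release, a letter suffix after it) is an assumption based on ProFTPD's release naming.

```python
import re

THRESHOLD = "1.3.2rc3"  # first affected release per the quoted bug report

VERSION = r"(\d+)\.(\d+)\.(\d+)(rc\d+|[a-z])?"
# Greeting format as shown in the post: "220 ProFTPD 1.3.1 Server (ProFTPD) [...]"
BANNER_RE = re.compile(r"^220[ -]ProFTPD (\d+\.\d+\.\d+(?:rc\d+|[a-z])?)(?=\s|$)")


def version_key(version):
    """Sort key for ProFTPD versions: 1.3.2rc3 < 1.3.2 < 1.3.2a < 1.3.3rc1."""
    m = re.fullmatch(VERSION, version)
    if not m:
        raise ValueError(f"unrecognised ProFTPD version: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    suffix = m.group(4) or ""
    if suffix.startswith("rc"):   # release candidate sorts before the release
        stage, n = 0, int(suffix[2:])
    elif suffix:                  # letter suffix is a later maintenance release
        stage, n = 2, ord(suffix) - ord("a") + 1
    else:                         # plain release
        stage, n = 1, 0
    return (major, minor, patch, stage, n)


def banner_version(banner):
    """Version string from a 220 greeting, or None when the greeting hides it."""
    m = BANNER_RE.match(banner.strip())
    return m.group(1) if m else None


def needs_review(banner):
    """True = 1.3.2rc3 or later (go read the Plesk KB article), False = older,
    None = no version in the greeting, so check the installed package instead."""
    version = banner_version(banner)
    if version is None:
        return None
    return version_key(version) >= version_key(THRESHOLD)


if __name__ == "__main__":
    samples = [
        "220 ProFTPD 1.3.1 Server (ProFTPD) [127.0.0.1]",     # from the post
        "220 ProFTPD 1.3.2rc2 Server (ProFTPD) [127.0.0.1]",  # constructed
        "220 ProFTPD 1.3.2rc3 Server (ProFTPD) [127.0.0.1]",  # constructed
        "220 FTP Server ready.",                              # constructed
    ]
    for line in samples:
        print(f"{needs_review(line)!s:5}  {line}")
```

A `True` result only means the version falls in the range the post says to review; it does not show whether a vendor patch has already been applied.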
 
 
 


  Post #2 (permalink)   11-28-2010, 11:36 PM
HD Newbie
 
Join Date: Nov 2010
Location: Amsterdam
Posts: 21

Status: Profithost is offline
I think there should be a separate forum section for these exploits. It is useful to know when you run a host!
__________________
Profithost - Dedicated servers and Webhosting from Amsterdam since 2006. Cheap hosting solutions at the highest quality network worldwide!
Visit our website or send us an e-mail directly at sales@profithost.net
Visit our customer panel directly at Profithost Customers
 
 
 