Recent Plesk Vulnerability

Community support for Plesk, CPanel, WebMin and others with insight from two of the founders of Plesk. Ask for help here! No question is too simple or complicated. :-)
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Recent Plesk Vulnerability

Unread post by laughingbuddha »

Hi all,

I received an email from Parallels about a Plesk SQL injection vulnerability.

It talks about running a micro update, but are these updates safe to run, especially when I use ASL on my box and Plesk was installed via the ART yum channel?

Thanks
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Recent Plesk Vulnerability

Unread post by faris »

Normally safe to run. Been OK for me in the past. Dragged myself in to work from sick bed to do it. You will hear the screaming if it goes wrong.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Recent Plesk Vulnerability

Unread post by faris »

Seems OK so far. Bloody useless in Plesk 8.6 though. No indication of which microupdates are installed or not.

Best of all, it says my installed version November 2011 - new version available, April 2011. Kind of lame.
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4149
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: Recent Plesk Vulnerability

Unread post by mikeshinn »

We'll be adding in a proxy option into 3.0.20 or 21 to help with these things in the future (Plesk uses lighttpd, which also does not have any WAF module). You will be able to put ASL in front of Plesk (and anything else for that matter) and proxy everything through it. So even if Plesk, or anything else, has a vulnerability in it we will stop it.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Recent Plesk Vulnerability

Unread post by laughingbuddha »

Just got in from the radio show. Great idea, Mike.

Thanks guys, I'll run the update now.
Matt