Hi all,
I received an email from Parallels about a Plesk SQL injection vulnerability.
It talks about running a micro update, but are these updates safe to run, especially when I use ASL on my box and Plesk was installed via the ART yum channel?
Thanks
Recent Plesk Vulnerability
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Matt
"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"
about.me/mattauckland
twitter.com/mattauckland
Re: Recent Plesk Vulnerability
Normally safe to run. Been OK for me in the past. Dragged myself in to work from my sick bed to do it. You will hear the screaming if it goes wrong.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Re: Recent Plesk Vulnerability
Seems OK so far. Bloody useless in Plesk 8.6 though. No indication of which microupdates are installed or not.
Best of all, it says my installed version November 2011 - new version available, April 2011. Kind of lame.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: Recent Plesk Vulnerability
We'll be adding in a proxy option into 3.0.20 or 21 to help with these things in the future (Plesk uses lighttpd, which also does not have any WAF module). You will be able to put ASL in front of Plesk (and anything else for that matter) and proxy everything thru it. So even if Plesk, or anything else, has a vulnerability in it we will stop it.
Michael Shinn
Atomicorp - Security For Everyone
-
- Forum Regular
- Posts: 512
- Joined: Mon Mar 10, 2008 9:12 pm
- Location: Southampton, UK
Re: Recent Plesk Vulnerability
Just got in from the radio show. Great idea, Mike.
Thanks guys, I'll run the update now.
Matt
"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"
about.me/mattauckland
twitter.com/mattauckland