Nos llega información acerda de una fallo de seguridad en Plesk:
«SECURITY ADVISORY:
Parallels Plesk Panel 9.x, 10.x, 11.x – Privilege Escalation Vulnerability
Parallels Customer,
Please read this message in its entirety and take the recommended actions.
Situation
Parallels Plesk Panel privilege escalation vulnerabilities have been
discovered and are described in VU#310500 and CVE-2013-0132,
CVE-2013-0133 (CVSS score 4.4 –
http://www.kb.cert.org/vuls/id/310500).
Impact
This impacts Parallels Plesk Panel for Linux versions 9.x, 10.x, 11.x.
You are at risk if you have Apache web server running mod_php,
mod_perl, mod_python, etc.
You are NOT at risk if you have Apache web server running Fast CGI
(PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).
Solution
Parallels has issued security updates for Parallels Plesk Panel
versions 9.x-11.x. The security updates for Parallels Plesk Panel 11.x
and Parallels Plesk Panel 10.4.4 will automatically appear inside your
Parallels Plesk Panel control panel – please apply them as soon as
possible.
The security hotfix for Parallels Plesk 9.x is available for download
here: http://kb.parallels.com/115942.
Workaround
Parallels understands that it’s not always practical for immediate
upgrades, so we have provided a solution to fix this vulnerability.
For the immediate solution, customers should read this knowledge base
article for instructions: http://kb.parallels.com/115942.»
Recordamos que para instalar los microupdates de plesk se pueden ejecutar estos comandos :
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component base /usr/local/psa/admin/sbin/autoinstaller --select-release-current --upgrade-installed-components
Deja una respuesta