critical security plesk issue

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Guys take a look at this. I just saw it and pushed right away an update to plesk 10.4.4. I hope I don't have problems with the update. It affects all plesk editions except 10.4.4 according to parallels. The best part is that there is no hotfix for plesk 10.3.1 !

http://kb.parallels.com/en/113321

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Scott and Mike,

Havent you found a any way to filter again using modsecurity plesk panel ?

I miss those times when I could sleep slightly better at night... !

BruceLee · **Posted:** Mon Mar 05, 2012 3:32 pm

it's covered by ASL 3.0.20.
Please see post viewtopic.php?f=8&t=5773

scott · **Posted:** Mon Mar 05, 2012 7:26 pm

Yup! This framework will let us add the WAF to any web based service... and maybe ftp but I didnt spend a lot of time on that.

Blake@Parallels · **Posted:** Mon Mar 05, 2012 8:39 pm

nobody wrote:

Guys take a look at this. I just saw it and pushed right away an update to plesk 10.4.4. I hope I don't have problems with the update. It affects all plesk editions except 10.4.4 according to parallels. The best part is that there is no hotfix for plesk 10.3.1 !

http://kb.parallels.com/en/113321

Note, this was address for 10.3.1 in MicroUpdate #5 in September 2011 (updates were also issued at that time for 9.5 and 8.6). Further, no base version (e.g. without MU's applied) were vulnerable after 10.4.0 in November 2011.

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

scott wrote:

Yup! This framework will let us add the WAF to any web based service... and maybe ftp but I didnt spend a lot of time on that.

Damn. How did I miss on that ? Fine job once again !

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

For the avoidance of doubt, I assume this is the same issue with Agent that we've discussed viewtopic.php?f=13&t=5731 or is it something different?

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.

Blake@Parallels · **Posted:** Tue Mar 06, 2012 11:08 am

faris wrote:

For the avoidance of doubt, I assume this is the same issue with Agent that we've discussed http://www.atomicorp.com/forum/viewtopi ... =13&t=5731 or is it something different?

Same issue.

Blake@Parallels · **Posted:** Tue Mar 06, 2012 11:08 am

faris wrote:

Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.

For 8.6, this issue was resolved via MU#2 - released in September 2011.

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Guys Plesk 10.4.4 works like a charm up till now. Which is a pleasant surprise. Never happened before

Blake when will they fix the issue in which you can move customers between ressellers ? This was a major stepback from version 9 to version 10 ...

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

Blake@Parallels wrote:

faris wrote:

Incidentally, there does appear to be a new MU for Plesk 8.6. MU11. Nothing to do with Agent. Looks related to Webmail to me.

For 8.6, this issue was resolved via MU#2 - released in September 2011.

Thank you for update.

moondog604 · **Posted:** Thu Mar 08, 2012 4:11 pm

My 8.6 is patched. I'm Mr Linux/Plesk Newb Question Man today.

1. I also running a 9.3, so I guess I have to update to 9.5.4?

2. In theory should I have any problems upgrading if I updated the PHP to 5.2 using the AtomicCorp repo?

3. Is it safer to install the updates one at a time or can I jump straight to 9.5.4?

Thanks in adavance!

BruceLee · **Posted:** Thu Mar 08, 2012 4:37 pm

1. I would upgrade
2. You never know, each installation/servermight have different settings. Take care of a godd and complete backup
3. I stick with updating plesk over yum. Than i run the autoinstaller to install MU's. If I would go (which I don't do) and do it via webinterface of Plesk I would update one-by-one.
But thats just my opinion.

nobody · **Joined:** Sun Mar 29, 2009 6:52 pm **Posts:** 348

Guys. Its the first time that I see great improvement in Plesk after 3 years. Plesk 10.4.4 seems to actually function ! I still seek to find what it has broken, thats good !

critical security plesk issue

Who is online