store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Thu Apr 17, 2014 8:29 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: Recent Plesk Vulnerability
Unread postPosted: Fri Feb 10, 2012 7:35 am 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 501
Location: Southampton, UK
Hi all,

I recieved an email from Parallels about a Plesk SQL injection vulnerability.

It talks about running a micro update, but are these updates save to run, especially when I use ASL on my box and Plesk was installed via the ART yum channel.

Thanks

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
 Post subject: Re: Recent Plesk Vulnerability
Unread postPosted: Fri Feb 10, 2012 9:04 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2005
normally safe to run. been ok for me in past. dragged myself in to work from sick bed to do it. you will hear the screaming if it goes wrong.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
 
 Post subject: Re: Recent Plesk Vulnerability
Unread postPosted: Fri Feb 10, 2012 9:37 am 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2005
seems ok so far. Bloody useless in plesk 8.6 though. No indication of which microupdates are installed or not.

Best of all, it says my installed version November 2011 - new version available, April 2011. Kind of lame.

_________________
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>


Top
 Profile  
 
 Post subject: Re: Recent Plesk Vulnerability
Unread postPosted: Fri Feb 10, 2012 2:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3545
Location: Chantilly, VA
We'll be adding in a proxy option into 3.0.20 or 21 to help with these things in the future (Plesk uses lighthttp which also does not have any WAF module). You will be able to put ASL in front of plesk (and anything else for that matter) and proxy everything thru it. So even if plesk, or anything else, has a vulnerability in it we will stop it.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Recent Plesk Vulnerability
Unread postPosted: Fri Feb 10, 2012 6:21 pm 
Offline
Forum Regular
Forum Regular

Joined: Mon Mar 10, 2008 9:12 pm
Posts: 501
Location: Southampton, UK
Just got in from the radio show. Great idea mike.

Thanks guys, I'll run the update now.

_________________
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group