Sicherheit

Achtung! Parallels informiert über Sicherheitslücke in PLESK

Sehr geehrte User mit VPS + PLESK Installationen.

Bitte beachten Sie folgenden Eintrag und handeln Sie entsprechend:

SECURITY ADVISORY: Parallels Plesk Panel 9.x, 10.x, 11.x –
Privilege Escalation Vulnerability

Parallels Customer,

Please read this message in its entirety and take the recommended
actions.

SITUATION

Parallels Plesk Panel privilege escalation vulnerabilities have
been discovered and are described in VU#310500 and CVE-2013-0132,
CVE-2013-0133
(CVSS score 4.4 – http://www.kb.cert.org/vuls/id/310500).

IMPACT

This impacts Parallels Plesk Panel for Linux versions 9.x, 10.x,
11.x.

You are at risk if you have Apache web server running mod_php,
mod_perl, mod_python, etc.

You are NOT at risk if you have Apache web server running Fast
CGI (PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).

SOLUTION

Parallels has issued security updates for Parallels Plesk Panel
versions 9.x-11.x. The security updates for Parallels Plesk Panel
11.x and Parallels Plesk Panel 10.4.4 will automatically appear
inside your Parallels Plesk Panel control panel – please apply
them as soon as possible.

The security hotfix for Parallels Plesk 9.x is available for
download here: http://kb.parallels.com/115942

WORKAROUND

Parallels understands that it’s not always practical for
immediate upgrades, so we have provided a solution to fix this
vulnerability. For the immediate solution, customers should read
this knowledge base article for instructions:
http://kb.parallels.com/115942.

Parallels takes the security of our customers very seriously and
encourages you to take the recommended actions as soon as
possible.

Mit freundlichen Grüßen / Best Regards

Andreas Wagner
Business Support | united hoster GmbH
Steinpilzweg 31
70599 Stuttgart
Fon +49(0)711.169173-50
Fax +49(0)711.169173-60

Mail support@united-hoster.de <mailto:support@united-hoster.de>

UStID-Nr.: DE232931215 – Steuer-Nr.: 59350/50243 – Registergericht: Amtsgericht Stuttgart, HRB 214534
Geschäftsführer: Alexander Pelz



Teile diesen Beitrag

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert