Achtung! Parallels informiert über Sicherheitslücke in PLESK
Sehr geehrte User mit VPS + PLESK Installationen.
Bitte beachten Sie folgenden Eintrag und handeln Sie entsprechend:
SECURITY ADVISORY: Parallels Plesk Panel 9.x, 10.x, 11.x –
Privilege Escalation Vulnerability
Parallels Customer,
Please read this message in its entirety and take the recommended
actions.
SITUATION
Parallels Plesk Panel privilege escalation vulnerabilities have
been discovered and are described in VU#310500 and CVE-2013-0132,
CVE-2013-0133
(CVSS score 4.4 – http://www.kb.cert.org/vuls/id/310500).
IMPACT
This impacts Parallels Plesk Panel for Linux versions 9.x, 10.x,
11.x.
You are at risk if you have Apache web server running mod_php,
mod_perl, mod_python, etc.
You are NOT at risk if you have Apache web server running Fast
CGI (PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).
SOLUTION
Parallels has issued security updates for Parallels Plesk Panel
versions 9.x-11.x. The security updates for Parallels Plesk Panel
11.x and Parallels Plesk Panel 10.4.4 will automatically appear
inside your Parallels Plesk Panel control panel – please apply
them as soon as possible.
The security hotfix for Parallels Plesk 9.x is available for
download here: http://kb.parallels.com/115942
WORKAROUND
Parallels understands that it’s not always practical for
immediate upgrades, so we have provided a solution to fix this
vulnerability. For the immediate solution, customers should read
this knowledge base article for instructions:
http://kb.parallels.com/115942.
Parallels takes the security of our customers very seriously and
encourages you to take the recommended actions as soon as
possible.
Mit freundlichen Grüßen / Best Regards
Andreas Wagner
Business Support | united hoster GmbH
Steinpilzweg 31
70599 Stuttgart
Fon +49(0)711.169173-50
Fax +49(0)711.169173-60
Mail support@united-hoster.de <mailto:support@united-hoster.de>
UStID-Nr.: DE232931215 – Steuer-Nr.: 59350/50243 – Registergericht: Amtsgericht Stuttgart, HRB 214534
Geschäftsführer: Alexander Pelz