
HOW TO: Update OpenSSL for Plesk Control panel

thijshoutenbos

Guest
The version of OpenSSL used by the Plesk Control Panel (Apache) contains a vulnerability that may allow an attacker to cause a DoS attack, or even worse: possibly gain a remote shell.

This vulnerability was present in the most recently updated Plesk 7.6, and was confirmed by scanning the host with the online security audit tool Hackerguardian.

To update to the latest version you need to download the latest OpenSSL from Sourceforge:
http://sourceforge.net/project/downloading.php?groupname=gnuwin32&filename=openssl-0.9.7c-bin.zip

You need to replace the files 'libssl32.dll' and 'libeay32.dll' in the folder 'C:\Program Files\SWsoft\Plesk\admin\bin' (or any other location you installed Plesk). Be sure to back up the DLLs you replace before overwriting them. After restarting your Plesk Control Panel service you now use the updated OpenSSL library and should no longer be vulnerable to this attack (this was also verified by re-scanning the server with Hackerguardian).

Perhaps this fix will be included in an official patch from SWsoft later, but for now I thought it was wise to share this little HOWTO with you.
 
After this I had a problem:

Code:
The service did not respond to the start of control request in a timely fashion. (Error code 1053) at StartService 'PLESKMISCRV'

The Plesk Miscellaneous Service didn't start.
 
Hmmm... strange that the Plesk Control Panel would work fine with this update, but the Plesk Miscellaneous Service does not work...

Well, it's a good thing the replaced DLLs are backed up. You can just copy those backups back to restore the previous version and the problem is gone...

I hope SWsoft will add the latest version of OpenSSL to their automated updates soon and plug this problem.
 
Originally posted by thijshoutenbos

Well, it's a good thing the replaced DLLs are backed up. You can just copy those backups back to restore the previous version and the problem is gone...

It's what I've done :)
Otherwise, the new OpenSSL also included an openssl.exe; it is probably the old one that generates this issue.
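
The replace-and-roll-back procedure from this thread as a PowerShell script. This is an added example, not code posted by anyone in the thread or by SWsoft. The Plesk path and the `PLESKMISCRV` service name come from the posts; the `$NewDllDir` path and the backup folder name are assumptions.

```powershell
# Added example: swap the two OpenSSL DLLs after backing them up, then
# restore the backup automatically if a dependent service fails to start.
param(
    # Plesk path as given in the post; adjust for other install locations.
    [string]$PleskBin = 'C:\Program Files\SWsoft\Plesk\admin\bin',
    # Assumption: folder where the downloaded OpenSSL zip was extracted.
    [string]$NewDllDir = 'C:\Temp\openssl-new\bin',
    # PLESKMISCRV is the service named in the thread's error message. Append
    # the control panel service name for your install (not given on the page).
    [string[]]$Services = @('PLESKMISCRV')
)
$ErrorActionPreference = 'Stop'
$dlls   = 'libssl32.dll', 'libeay32.dll'
$backup = Join-Path $PleskBin ('openssl-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

function Copy-Dlls([string]$From, [string]$To) {
    foreach ($d in $dlls) { Copy-Item (Join-Path $From $d) (Join-Path $To $d) -Force }
}
function Start-AllOrFail {
    foreach ($s in $Services) {
        Start-Service -Name $s
        # A start failure such as error 1053 either throws here or leaves the
        # service short of Running until the timeout, which also throws.
        (Get-Service -Name $s).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }
}

# Refuse to touch anything if either replacement DLL is missing.
foreach ($d in $dlls) {
    if (-not (Test-Path (Join-Path $NewDllDir $d))) { throw "Missing $d in $NewDllDir" }
}
New-Item -ItemType Directory -Path $backup | Out-Null
Copy-Dlls $PleskBin $backup                       # back up before overwriting

foreach ($s in $Services) { Stop-Service -Name $s -Force }   # release file locks
try {
    Copy-Dlls $NewDllDir $PleskBin
    Start-AllOrFail
    Write-Host "Updated. Backup kept in $backup"
}
catch {
    Write-Warning "Update failed ($($_.Exception.Message)); restoring backup."
    foreach ($s in $Services) { Stop-Service -Name $s -Force -ErrorAction SilentlyContinue }
    Copy-Dlls $backup $PleskBin
    Start-AllOrFail
    throw
}
```

Run it from an elevated prompt; a rollback leaves the server on the previous OpenSSL build, so the scan finding from the first post still applies afterwards.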
 