
HOW TO: Update OpenSSL for Plesk Control panel


thijshoutenbos

The version of OpenSSL used by the Plesk Control Panel (Apache) contains a vulnerability that may allow an attacker to cause a DoS attack, or even worse: possibly gain a remote shell.

This vulnerability was present in the most recently updated Plesk 7.6, and was confirmed by scanning the host with the online security audit tool Hackerguardian.

To update to the latest version you need to download the latest OpenSSL from Sourceforge:
http://sourceforge.net/project/downloading.php?groupname=gnuwin32&filename=openssl-0.9.7c-bin.zip

You need to replace the files 'libssl32.dll' and 'libeay32.dll' in the folder 'C:\Program Files\SWsoft\Plesk\admin\bin' (or any other location you installed Plesk). Be sure to back up the DLLs you replace before overwriting them. After restarting your Plesk Control Panel service you now use the updated OpenSSL library and should no longer be vulnerable to this attack (this was also verified by re-scanning the server with Hackerguardian).

Perhaps this fix will be included in an official patch from SWsoft later, but for now I thought it was wise to share this little HOWTO with you.
 
After this I had a problem:

Code:
The service did not respond to the start of control request in a timely fashion. (Error code 1053) at StartService 'PLESKMISCRV'

The Plesk Miscellaneous Service didn't start.
 
Hmmm... strange that the Plesk Control Panel would work fine with this update, but the Plesk Miscellaneous Service does not work...

Well, it's a good thing the replaced DLLs are backed up. You can just copy those backups back to restore the previous version and the problem is gone...

I hope SWsoft will add the latest version of OpenSSL to their automated updates soon and plug this problem.
 
Originally posted by thijshoutenbos

Well, it's a good thing the replaced DLLs are backed up. You can just copy those backups back to restore the previous version and the problem is gone...

It's what I've done :)
Otherwise, the new OpenSSL also included an openssl.exe; probably it is the old one that generates this issue.
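
The backup, replace, restart and roll-back steps discussed in this thread, as an added PowerShell example (not code from any poster or from SWsoft). The `-NewDllDir` and `-Services` parameters are assumptions: the thread names only the `PLESKMISCRV` service, so the control panel's own service name has to be supplied by the operator.

```powershell
param(
    # Folder named in the thread; change it if Plesk is installed elsewhere.
    [string]$PleskBin = 'C:\Program Files\SWsoft\Plesk\admin\bin',
    # Assumption: folder holding the unpacked replacement DLLs.
    [Parameter(Mandatory)][string]$NewDllDir,
    # Assumption: every Plesk service that loads these DLLs, e.g. the
    # control panel service plus 'PLESKMISCRV' from the error above.
    [Parameter(Mandatory)][string[]]$Services
)
$ErrorActionPreference = 'Stop'
$dlls   = 'libssl32.dll', 'libeay32.dll'
$backup = Join-Path $PleskBin ('openssl-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))

# 1. Back up the DLLs that are about to be overwritten.
New-Item -ItemType Directory -Path $backup | Out-Null
foreach ($d in $dlls) { Copy-Item (Join-Path $PleskBin $d) $backup }

# 2. Stop the services so the files are not locked, then replace them.
foreach ($s in $Services) { Stop-Service -Name $s -Force }
foreach ($d in $dlls) { Copy-Item (Join-Path $NewDllDir $d) $PleskBin -Force }

# 3. Start every service and wait for it to report Running. A failure such
#    as error 1053 raises an exception and triggers the roll-back below.
try {
    foreach ($s in $Services) {
        Start-Service -Name $s
        (Get-Service -Name $s).WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }
    # Record what is now installed so it can be compared with the download.
    foreach ($d in $dlls) {
        Get-FileHash (Join-Path $PleskBin $d) -Algorithm SHA256 |
            Select-Object Path, Hash
    }
}
catch {
    Write-Warning "Start failed ($($_.Exception.Message)); restoring $backup"
    foreach ($s in $Services) {
        Stop-Service -Name $s -Force -ErrorAction SilentlyContinue
    }
    foreach ($d in $dlls) { Copy-Item (Join-Path $backup $d) $PleskBin -Force }
    foreach ($s in $Services) { Start-Service -Name $s }
    throw   # surface the original failure after the old DLLs are back
}
```

Checking all listed services, not only the control panel, is what catches the case reported above, where the panel worked with the new DLLs but the Plesk Miscellaneous Service did not start.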
 