• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

PCI Compliance Issues

D

davidthurston

Guest
Hi, apologies if any of this has been posted before. I searched, but couldn't find anthing that applied to me.
I have the following Failures from Security Metrics.

VPS from Webfusion, Running Ubuntu 10, and Plesk 10.4.4

----------------------

Description: possible format string vulnerability in Courier IMAP Severity: Potential Problem CVE: CVE-2004-0777 Impact: A remote attacker could execute arbitrary commands. Resolution [http://www.courier-mta.org/download.php #imap] Upgrade to Courier IMAP 3.0.4 or higher, or set DEBUG_LOGIN equal to the default value of 0 in the IMAP configuration file, which is typically located in /usr/lib/courier-imap/etc/imapd. Vulnerability Details: Service: imap

I checked the version on plesk, and it is 3.08. Checked /etc/courier-imap/imapd and its got DEBUG=0

-----------------------------------------

Description: possible vulnerability in ProFTP 1.3.3e Severity: Area of Concern CVE: CVE-2011-4130 Impact: Attackers exploiting these vulnerabilities may be able to execute arbitrary commands, perhaps with root privileges, gain unauthorized access, or disrupt service on a target system. Resolution Upgrade [http://www.proftpd.org] ProFTPD to version [http://www.proftpd.org/docs/RELEASE_NOT ES-1.3.3g] 1.3.3g (stable) or greater.

We're running version 1.3.3e

--------------------------------------------
 
I think i have solved issue 1
I sent SM the results of
dpkg --list | grep courier-imap
and grep DEBUG_LOGIN /etc/courier-imap/imapd

That should hopefully be good enough for them.

Any ideas on the second issue about Proftp?
 
Back
Top