• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Security Issue in Proftpd in Plesk?

We would also be VERY interested if our Plesk Servers are vulnerable to this Security Issue ... and if yes - when a patch will be available (as this Bug is exploited in the wild)
thx
Andreas Schnederle-Wagner
 
@furureweb:
I know for sure that Version 1.35 of the Proftpd Server (current Stable Version) is NOT Secured as Heise Online (A Big German Security Protal) has announced.
Anway you can Download a Patch fix from the Github of Proftpd here: https://github.com/proftpd/proftpd/commit/35b65aaf7219be474f621a874ec77c85d9ec794d.patch
But you have to Compile it by yourselfe.

Currently i dont know if the Patch Fix provided on Github is working with the Plesk proftpd, since the Plesk proftpd is not 100% the Original Verison you can download from the Homepage of proftpd (its adapted to the Plesk System).
So i would NOT RECCOMEND it to download and try the fix on a live System, since as i said im not sure if it is compatible with the Plesk proftpd Version
 
According to my tests - it seems that Plesk proftpd is NOT vulnerable at all ...

Code: 
[root@server etc]# telnet localhost 21
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ProFTPD 1.3.5 Server (ProFTPD) [::1]
site cpfr /etc/passwd
500 'SITE CPFR' not understood

Which makes sense --> proftpd -vv doesn't show mod_copy module loaded ... so I guess we are safe ... ;-)

Andreas
 
You must log in or register to reply here.

Similar threads

M
Issue Lets Encrypt SSL issued but the website is not secured
Replies
9
Views
1K
Kaspar@Plesk
Kaspar@Plesk
P
Resolved Issue with Subscription Backups in Plesk CLI Using FTP Storage
Replies
5
Views
399
paolotrombini25
P
P
Resolved PLESK 18.0.60 Problems to configure mails / Certificates, etc.
Replies
8
Views
832
mow
M
J
Issue So Many issues with Plesk -Email - System reboots
Replies
0
Views
333
jammer699669
J
A
Question Some security questions
Replies
2
Views
706
amba1980
A
Back
Top