
Security Issue in Proftpd in Plesk?

We would also be VERY interested if our Plesk Servers are vulnerable to this Security Issue ... and if yes - when a patch will be available (as this Bug is exploited in the wild)
thx
Andreas Schnederle-Wagner
 
@furureweb:
I know for sure that Version 1.35 of the Proftpd Server (current Stable Version) is NOT Secured, as Heise Online (a big German Security Portal) has announced.
Anyway, you can download a Patch fix from the Github of Proftpd here: https://github.com/proftpd/proftpd/commit/35b65aaf7219be474f621a874ec77c85d9ec794d.patch
But you have to compile it by yourself.

Currently I don't know if the Patch Fix provided on Github is working with the Plesk proftpd, since the Plesk proftpd is not 100% the Original Version you can download from the Homepage of proftpd (it's adapted to the Plesk System).
So I would NOT RECOMMEND downloading and trying the fix on a live System, since, as I said, I'm not sure if it is compatible with the Plesk proftpd Version.
 
According to my tests - it seems that Plesk proftpd is NOT vulnerable at all ...

Code:
[root@server etc]# telnet localhost 21
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ProFTPD 1.3.5 Server (ProFTPD) [::1]
site cpfr /etc/passwd
500 'SITE CPFR' not understood

Which makes sense --> proftpd -vv doesn't show mod_copy module loaded ... so I guess we are safe ... ;-)

Andreas
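
The module check described in the post above, written as a repeatable script. This is an added example, not part of the original thread and not Plesk or ProFTPD code. It assumes a compiled-in module shows up by name in the `proftpd -vv` output and a shared module is enabled through an uncommented `LoadModule` line; the sample text and the config paths in the last comment are constructed assumptions.

```shell
#!/bin/sh
# Added example: decide whether mod_copy is available to a ProFTPD build.
# Inputs are passed as text so the logic can be exercised offline:
#   $1 = output of `proftpd -vv`      $2 = contents of the ProFTPD config

# Constructed sample data (not taken from a real server).
SAMPLE_VV='ProFTPD Version: 1.3.5 (stable)
Loaded modules:
  mod_core.c
  mod_auth.c
  mod_ls.c'
SAMPLE_CONF_OFF='ServerName "ProFTPD"
# LoadModule mod_copy.c
LoadModule mod_sftp.c'
SAMPLE_CONF_ON='ServerName "ProFTPD"
  LoadModule mod_copy.c'

# Prints "static", "dso" or "absent"; returns 0 only when mod_copy is absent.
mod_copy_status() {
    vv_output=$1
    conf_text=$2
    # Compiled-in modules appear by name in the -vv module list.
    if printf '%s\n' "$vv_output" | grep -Eq '(^|[[:space:]])mod_copy(\.c|/|$)'; then
        echo static; return 1
    fi
    # Shared modules need an uncommented LoadModule directive; a line that
    # starts with "#" does not match because only leading whitespace is allowed.
    if printf '%s\n' "$conf_text" | grep -Eiq '^[[:space:]]*LoadModule[[:space:]]+mod_copy\.c'; then
        echo dso; return 1
    fi
    echo absent; return 0
}

# On a live host (paths are assumptions; adjust to the installation):
#   mod_copy_status "$(proftpd -vv 2>&1)" \
#       "$(cat /etc/proftpd.conf /etc/proftpd.d/*.conf 2>/dev/null)"
```

A result of `absent` matches the `500 'SITE CPFR' not understood` reply shown in the telnet session; `static` or `dso` means the module is available and the server should be patched or the module disabled.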
 