• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Security Issue in Proftpd in Plesk?

We would also be VERY interested if our Plesk Servers are vulnerable to this Security Issue ... and if yes - when a patch will be available (as this Bug is exploited in the wild)
thx
Andreas Schnederle-Wagner
 
@furureweb:
I know for sure that Version 1.35 of the Proftpd Server (current Stable Version) is NOT Secured as Heise Online (A Big German Security Protal) has announced.
Anway you can Download a Patch fix from the Github of Proftpd here: https://github.com/proftpd/proftpd/commit/35b65aaf7219be474f621a874ec77c85d9ec794d.patch
But you have to Compile it by yourselfe.

Currently i dont know if the Patch Fix provided on Github is working with the Plesk proftpd, since the Plesk proftpd is not 100% the Original Verison you can download from the Homepage of proftpd (its adapted to the Plesk System).
So i would NOT RECCOMEND it to download and try the fix on a live System, since as i said im not sure if it is compatible with the Plesk proftpd Version
 
According to my tests - it seems that Plesk proftpd is NOT vulnerable at all ...

Code: 
[root@server etc]# telnet localhost 21
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 ProFTPD 1.3.5 Server (ProFTPD) [::1]
site cpfr /etc/passwd
500 'SITE CPFR' not understood

Which makes sense --> proftpd -vv doesn't show mod_copy module loaded ... so I guess we are safe ... ;-)

Andreas
 
You must log in or register to reply here.

Similar threads

M
Resolved Roundcube vulnerability CVE-2025-49113
Replies
18
Views
3K
Sebahat.hadzhi
Sebahat.hadzhi
Jürgen_T
Question Migration from Plesk Email Security (Amavis, SpamAssassin 3.x) to Rspamd 3.12 – Experiences?
Replies
9
Views
2K
Jürgen_T
Jürgen_T
M
Resolved Plesk restore from a ZIP after server failure.
Replies
0
Views
2K
mad_inventor
M
M
Issue Lets Encrypt SSL issued but the website is not secured
Replies
9
Views
3K
Kaspar@Plesk
Kaspar@Plesk
P
Resolved Issue with Subscription Backups in Plesk CLI Using FTP Storage
Replies
5
Views
2K
paolotrombini25
P
Back
Top