atomicturtle
Golden Pleskian
Its not the psa-proftpd package, its whatever is managing the xinetd config file in Plesk 10. Looks like the package name has changed between 9 and 10.
Plesk Microupdate where this problem will be fixed will be released very soon.
There is an exploit in the wild specifically targeting Plesk installs that has been out for three days.
["Debian GNU/Linux 5.0, ProFTPD 1.3.2e Server (Plesk binary)",
...
["Debian GNU/Linux 5.0, ProFTPD 1.3.3 Server (Plesk binary)",
...
["Debian GNU/Linux 4.0, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux 9.3, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux 10.0/10.3, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux 10.2, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux 11.0, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux 11.1, ProFTPD 1.3.2e Server (Plesk binary)",
...
["SUSE Linux SLES 10, ProFTPD 1.3.2e Server (Plesk binary)",
...
["CentOS 5, ProFTPD 1.3.2e Server (Plesk binary)",
...
Determining the packages that need to be installed.
ERROR: Unable to proceed with the installation until the package psa-proftpd-1.3.3c-2.el5.art.x86_64 is removed from the system.
Not all packages were installed.
Why does your notice continue to ignore the fact that Plesk 8 is also vulnerable?
A Proftpd update for Plesk has been provided by Atomic Rocket Turtle. To apply the update, execute the commands below.
# wget -O - http://www.atomicorp.com/installers/atomic |sh
# yum upgrade psa-proftpd
ERROR: Unable to proceed with the installation until the package psa-proftpd-1.3.3c-2.el5.art.x86_64 is removed from the system.
I have Debian Lenny where ist a Update for Debain lenny Plesk 9.5.3