Vulnerability in ProFTP 1.3.3d (PCI Compliance)

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by JohnToTheK, Sep 18, 2012.

  1. JohnToTheK

    JohnToTheK, New Pleskian (joined Sep 18, 2012; messages: 3; likes received: 0)

    We are currently using Plesk Panel 10.0.0 on CentOS 4.9. I realize our server is well out of date, but due to extraneous circumstances, we haven't been able to update it.

    While that is the case, we are still held to PCI compliance standards. One of their scans flagged our server with this:

    My question is this: is it possible to upgrade ProFTPD to at least 1.3.3g on our server? We can't use the yum command anymore, since they've turned off the repositories for our outdated server. What are our options here? Thanks so much for any advice!
     
  2. Blake@Parallels

    Blake@Parallels, Regular Pleskian (joined Jul 28, 2008; messages: 168; likes received: 0; location: Seattle, WA)
  3. JohnToTheK

    Blake, thanks so much for the reply.

    Since we are currently running CentOS 4.9, we were told that we can't update past Plesk 10.0.0, where we are now. So I have been operating under the assumption that unless we change our server, we can't update Plesk anymore.

    Is that true?

    If that is true, is there any other option for upgrading ProFTP, outside of upgrading Plesk?
     
  4. Blake@Parallels

    CentOS 4 is actually supported up to Plesk 10.2. You could update to this version and apply all MicroUpdates to get the ProFTPd fixed version. http://download1.parallels.com/Ples...nel-10-linux-updates-release-notes.html#10212

    That said, given that CentOS 4 has been EOL'ed by its vendor, I think it would be in your best interests (in terms of both PCI and security overall) to get a new server with CentOS 5 or CentOS 6 with Plesk 11.x and migrate your Plesk instance to this new server at your earliest convenience.
     
  5. JohnToTheK

    Excellent, great information. I really appreciate your prompt and helpful comments! Cheers!
     