1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

Vulnerability issues

Discussion in 'Plesk for Linux - 8.x and Older' started by rubendgt, Jun 10, 2005.

  1. rubendgt

    rubendgt Guest

    Hi everyone,

    I'm running Plesk 7.5.2 in RH9. I made an screen on the server with a security service in order to find some kind of threats and the reportes showed up that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16 and said that this may be affected to a buffer overflow attack.

    The report recommends to upgrade OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrade BIND to 9.2.2 or downgrade to the 8.x series.

    I've searching information about this in the forum but I could not find much details. I'm not sure about this, the server is running fine. I would like to know if this can affect plesk or server's functioning.
  2. egs2009

    egs2009 Guest

    It really shouldn't, as I have done the upgrades. I recommend you go to freshrpms.net and install yum for Redhat 9 and it can do the rest for you.

    Eg. yum update (do it the first time)

    and it will do the rest :)
  3. faris

    faris Guest

    Also remember that just because a seruciry scanning program says that certain applicatins are vulnerable doesn't mean they actually are.

    With RedHat 9, for example, RedHat (and the FLP?) "back port" security fixes from later versions into "older" version of the software. Sorry. I'm not explaining myself very well here. ....

    But basically with RedHat, just because the "normal" version XXX of application YYY is "vulnerable" does not mean that version XXX of YYY from RedHat is vulnerable.