Vulnerability issues

rubendgt

Guest
Hi everyone,

I'm running Plesk 7.5.2 on RH9. I made a screen of the server with a security service in order to find some kind of threats, and the reports showed that the server seems to be using a version of OpenSSL which is older than 0.9.6e or 0.9.7-beta3 and BIND 9.2.1-16, and said that this may be affected by a buffer overflow attack.

The report recommends upgrading OpenSSL to version 0.9.6e (0.9.7beta3) or newer and upgrading BIND to 9.2.2 or downgrading to the 8.x series.

I've been searching for information about this in the forum but I could not find many details. I'm not sure about this, the server is running fine. I would like to know if this can affect Plesk or the server's functioning.
 
It really shouldn't, as I have done the upgrades. I recommend you go to freshrpms.net and install yum for Redhat 9 and it can do the rest for you.

E.g. yum update (do it the first time)

and it will do the rest :)
 
Also remember that just because a security scanning program says that certain applications are vulnerable doesn't mean they actually are.

With RedHat 9, for example, RedHat (and the FLP?) "back port" security fixes from later versions into "older" versions of the software. Sorry. I'm not explaining myself very well here. ....

But basically with RedHat, just because the "normal" version XXX of application YYY is "vulnerable" does not mean that version XXX of YYY from RedHat is vulnerable.

Faris.
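
Added example, not part of the original thread: one way to check the backporting point above is to read the package's own RPM changelog for the advisory identifier instead of comparing the upstream version string. The sample changelog, the identifier CVE-0000-0001 and the function names are constructed placeholders, and the script assumes each changelog header ends with the version-release, which is a packaging convention rather than a guarantee.

```shell
#!/usr/bin/env bash
# Decide whether a vendor package carries a backported fix by reading its RPM
# changelog rather than trusting the upstream version number.

# Constructed sample of `rpm -q --changelog <package>` output (not real data;
# CVE-0000-0001 is a placeholder identifier).
sample_changelog() {
cat <<'EOF'
* Tue Mar 04 2003 Example Packager <pkg@example.invalid> 0.9.6b-99
- backport fix for CVE-0000-0001 (buffer overflow in handshake parsing)

* Mon Jan 06 2003 Example Packager <pkg@example.invalid> 0.9.6b-98
- rebuild
EOF
}

# fix_release ID: read changelog text on stdin and print the version-release of
# the first entry that mentions ID; return 1 if no entry mentions it.
fix_release() {
  awk -v id="$1" '
    /^\* /        { rel = $NF }                 # entry header: last field is version-release
    index($0, id) { print rel; found = 1; exit }
    END           { exit found ? 0 : 1 }
  '
}

# check_package PKG ID: the same check against an installed package on an RPM host.
check_package() {
  rpm -q --changelog "$1" | fix_release "$2"
}

# Offline demonstration on the constructed sample.
if rel=$(sample_changelog | fix_release "CVE-0000-0001"); then
  echo "fix present since package release $rel"
else
  echo "no changelog entry mentions the identifier"
fi
```

On a real host, `check_package openssl <advisory-id>` runs the same lookup against the installed package; a miss only means the changelog does not name that identifier, so confirm against the vendor's advisory before treating the package as unpatched.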
 