
[FIX] Remote vulnerability in Plesk Panel

- Parallels Plesk Panel
- Plesk 8.x for Windows
- Parallels Plesk Panel for Windows
- Plesk 10.x for Linux
- Parallels Plesk Panel for Linux/Unix
- Plesk 9.x for Linux/Unix
- Plesk 10.0.x for Windows
- Plesk 10.x for Windows
- Plesk 10.1 for Windows
- Plesk 10.3 for Windows
- Plesk 8.x for Linux/Unix
- Plesk 10.3 for Linux/Unix
- Plesk 10.2 for Linux/Unix
- Plesk 10.2 for Windows
- Plesk 10.0.x for Linux/Unix
- Plesk 9.x for Windows
- Plesk 10.1 for Linux/Unix

Description

NOTE: The issue has been completely fixed in Plesk 8.6 MU#2, 9.5 MU#11, 10.3 MU#5, and later versions. Please refer to http://kb.parallels.com/en/9294 to check which Micro-Update version is installed.

NOTE: If you suspect your server was compromised before you applied the fixes, it is strongly recommended that you change the passwords of all accounts in Plesk, including the Plesk 'admin' account, after applying the fixes. Please refer to http://kb.parallels.com/en/113391 to reset passwords.

An anonymous attacker can remotely compromise a Plesk server.

Severity of vulnerability: Critical
Access Vector: Network exploitable; victim must voluntarily interact with attack mechanism
Access Complexity: easy
Authentication: Not required to exploit
Impact Type: Allows unauthorized access and modification
Vulnerable versions: Parallels Plesk Panel versions 7.6.1 - 10.3.1

Recommended resolution path for providers and large data centers

- Update or migrate Plesk to versions for which Micro-Updates with fixes are available
- Manual file replacement
- Use workaround (see below)

Resolution

For the versions listed below, apply the fixes from this KB article: http://kb.parallels.com/en/113313.

- Plesk 8.1 for Linux/Unix
- Plesk 8.2 for Linux/Unix
- Plesk 8.3 for Linux/Unix
- Plesk 8.4 for Linux/Unix
- Plesk 9.0 for Linux/Unix
- Plesk 9.2.x for Linux/Unix
- Plesk 9.3 for Linux/Unix
- Plesk 10.0.x for Linux/Unix
- Plesk 10.1 for Linux/Unix
- Plesk 10.2 for Linux/Unix

For the versions listed below, apply the fixes from this KB article: http://kb.parallels.com/en/112303.

- Plesk 8.1 for Windows
- Plesk 8.2 for Windows
- Plesk 8.3 for Windows
- Plesk 8.4 for Windows
- Plesk 8.6 for Windows
- Plesk 9.0 for Windows
- Plesk 9.2 for Windows
- Plesk 9.3 for Windows
- Plesk 9.5 for Windows

For the following versions ...

- Plesk 8.6 for Linux
- Plesk 9.5.4 for Linux
- Plesk 10.0.1 for Linux and Windows
- Plesk 10.1.1 for Linux and Windows
- Plesk 10.2.0 for Linux and Windows
- Plesk 10.3.1 for Linux and Windows

... fixes are provided by the Micro-Updates listed below:

- 8.6.0 for Linux only MU#2 - http://kb.parallels.com/en/112181
- 9.5.4 for Linux only MU#11 - http://kb.parallels.com/en/112179
- 10.0.1 for Linux and Windows MU#13 - http://kb.parallels.com/en/113322
- 10.1.1 for Linux and Windows MU#22 - http://kb.parallels.com/en/113323
- 10.2.0 for Linux and Windows MU#16 - http://kb.parallels.com/en/113324
- 10.3.1 for Linux and Windows MU#5 - KB is absent

For the remaining versions, it is recommended that you update to at least the next-higher version of the versions listed above.

- Plesk 7.x Linux/Windows
- Plesk 8.0 Linux

Parallels, 2012, autogenerated from http://kb.parallels.com/en/113321
