{"id":5647,"date":"2013-06-10T07:46:30","date_gmt":"2013-06-10T11:46:30","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=5647"},"modified":"2013-06-10T07:46:30","modified_gmt":"2013-06-10T11:46:30","slug":"plesk-compromise","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/","title":{"rendered":"Plesk Compromise"},"content":{"rendered":"

From arstechnica.com<\/a><\/p>\n

Parallels KB article:
\nhttp:\/\/kb.parallels.com\/116241 <\/a><\/p>\n

“The exploit for this vulnerability uses a combination of the 2 issues:
\n– PHP vulnerability CVE-2012-1823 related to CGI mode used in older Plesks (http:\/\/kb.parallels.com\/en\/113818).
\n– Plesk phppath script alias usage in Plesk versions 9.0 – 9.2
\n
\nA remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.<\/p>\n

Parallels Plesk Panel 9.0 through 9.2.3 versions on Linux platform only. These are less than 4% of all Plesk Panel licenses, and these versions are end-of-life and unsupported (superseded by 9.5.4, which has been a direct upgrade available for over 3 years).” <\/p>\n

\n

Proposed resolution <\/p>\n

back up and remove this line from the following file:
\n
\n\/etc\/httpd\/conf.d\/php_cgi.conf:scriptAlias \/phppath\/ \"\/usr\/bin\/\"
\n<\/code>
\n-OR, preferably:-<\/p>\n

upgrade customer to Plesk 9.5.4 – further upgrades would require kicking a new server and a migration due to database changes and the Postfix\/Qmail (package) upgrade issue in 10.x <\/p>\n

\n

Customers on Plesk Panel 9.0 through 9.2.3 should:<\/p>\n

\u2022 Upgrade to the latest version of Plesk. Plesk 11 has been available for one year now. Plesk 11.5 has many improvements and will be available on June 13. Worst case, update to Plesk Panel 9.5.4 (will end of life soon) which has a special php wrapper protecting from the PHP issue, along with a solution that avoids the phppath attack vector.<\/p>\n

\u2022 Update PHP to protect against CVE-2012-1823 vulnerability (See http:\/\/kb.parallels.com\/en\/113818)<\/p>\n

\u2022 Parallels has prepared a script for automatic updating the server, if Plesk Panel update is not possible.
\nDownload the archived script wrapper<\/a> from the attachment on the server with Parallels Plesk Panel for Linux 9.0 – 9.2.3.
\nExtract the archive and execute the script:
\n# wget http:\/\/kb.parallels.com\/Attachments\/25053\/Attachments\/wrapper.zip
\n# unzip wrapper.zip
\n# cd wrapper
\n# bash install.sh
\n<\/code>
\n 
\nAll currently supported versions of Parallels Plesk Panel 9.5.4, 10.x and 11.x, as well Parallels Plesk Automation, are not vulnerable. Also, Plesk 8.x (now end-of-life) is not vulnerable.<\/p>\n

If a customer is using legacy and no longer supported version of Parallels Plesk Panel they should upgrade to the latest version.<\/p>\n

Parallels reminds Plesk users that timely updates of an Operating System as well as Plesk itself are very important and required for your system security.<\/p>\n","protected":false},"excerpt":{"rendered":"

From arstechnica.com Parallels KB article: http:\/\/kb.parallels.com\/116241 “The exploit for this vulnerability uses a combination of the 2 issues: – PHP vulnerability CVE-2012-1823 related to CGI mode used in older Plesks (http:\/\/kb.parallels.com\/en\/113818). – Plesk phppath script alias usage in Plesk versions 9.0 – 9.2… <\/p>\n

Read More<\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-5647","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"\nPlesk Compromise - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/plesk-compromise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Plesk Compromise - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From arstechnica.com Parallels KB article: http:\/\/kb.parallels.com\/116241 “The exploit for this vulnerability uses a combination of the 2 issues: – PHP vulnerability CVE-2012-1823 related to CGI mode used in older Plesks (http:\/\/kb.parallels.com\/en\/113818). – Plesk phppath script alias usage in Plesk versions 9.0 – 9.2... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/plesk-compromise\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2013-06-10T11:46:30+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Plesk Compromise\",\"datePublished\":\"2013-06-10T11:46:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/\"},\"wordCount\":355,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/\",\"name\":\"Plesk Compromise - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2013-06-10T11:46:30+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/plesk-compromise\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Plesk Compromise\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Plesk Compromise - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/","og_locale":"en_US","og_type":"article","og_title":"Plesk Compromise - Linux Shtuff","og_description":"From arstechnica.com Parallels KB article: http:\/\/kb.parallels.com\/116241 “The exploit for this vulnerability uses a combination of the 2 issues: – PHP vulnerability CVE-2012-1823 related to CGI mode used in older Plesks (http:\/\/kb.parallels.com\/en\/113818). – Plesk phppath script alias usage in Plesk versions 9.0 – 9.2... Read More","og_url":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2013-06-10T11:46:30+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Plesk Compromise","datePublished":"2013-06-10T11:46:30+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/"},"wordCount":355,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/","url":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/","name":"Plesk Compromise - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2013-06-10T11:46:30+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/plesk-compromise\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/plesk-compromise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Plesk Compromise"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/5647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=5647"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/5647\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=5647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=5647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=5647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}