More than 360,000 Apache websites imperiled by critical Plesk vulnerability

Mousey




Hundreds of thousands of websites could be endangered by publicly available attack code exploiting a critical vulnerability in the Plesk control panel. This particular vulnerability gives hackers control of the server it runs on, according to security researchers.

The code-execution vulnerability affects default versions 8.6, 9.0, 9.2, 9.3, and 9.5.4 of Plesk running on the Linux and FreeBSD operating systems, a configuration used by more than 360,000 websites. Plesk running on Windows and other types of Unix hasn't been tested to see if those configurations are vulnerable as well. The exploit code was released Wednesday on the Full-Disclosure mailing list by "kingcope," a pseudonymous security researcher who has frequented the forum for years. He has a proven track record for developing reliable exploits.

"This vulnerability has a high severity rating," kingcope wrote in an e-mail to Ars. "An attacker can use this exploit to get a command line shell remotely with the privileges of the configured Apache user."

Representatives of Parallels, the software developer that sells Plesk, didn't respond to e-mails seeking comment for this post. The fee-based software gives administrators an easy-to-use interface.....
 
