Article ID: 111152, created on Apr 18, 2011, last review on Aug 12, 2014

  • Applies to:
  • Plesk 10.x for Linux
  • Plesk 9.x for Linux/Unix

Symptoms

A Qmail-TLS STARTTLS protocol plaintext command injection vulnerability was found.
For more details, see:
        Multiple Products STARTTLS Plaintext Command Injection

Resolution

This vulnerability was fixed in Micro-Updates (MU) implemented since Apr 07, 2011 through the Autoinstaller.
    Parallels Plesk Panel 9.3.0 MU#9
  Parallels Plesk Panel 9.5.2 MU#10
  Parallels Plesk Panel 9.5.4 MU#5
  Parallels Plesk Panel 10.0.1 MU#6
  Parallels Plesk Panel 10.1.1 MU#14


Use the following link to see the Micro-Update installation procedure:
       #9294 Using Micro-Updates in Parallels Plesk Panel 9.x, 10.x and Parallels Small Business Panel

Resolution

Parallels Plesk Panel 8.4.0.1 for Linux - Qmail STARTTLS vulnerability fix
Parallels Plesk Panel 8.6.0.7 for Linux - Qmail STARTTLS vulnerability fix

dd0611b6086474193d9bf78e2b293040 a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 6ef0db7f1685482449634a455d77d3f4 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF