A Linux kernel vulnerability (CVE-2013-2094) that may allow local users to gain root privileges (0-day exploit) was recently identified.
Affected operating systems
- Red Hat Enterprise Server 6.1
- CentOS 6.1
- Ubuntu 12.04
Other operating systems supported by Plesk, as well as systems running Linux kernel version 2.6, are not affected by the vulnerability.
- Privilege escalation: any local user can gain root privileges.
- An exploit is available in the wild.
Prerequisites for exploiting the issue
A local user account is required (no remote attack).
- If Parallels Plesk Panel is installed in a container on Parallels Virtuozzo Containers (PVC), Parallels Server Bare Metal (PSBM), or Parallels Cloud Server (PCS), refer to the list of recommendations provided in article #116086.
For dedicated servers, install the kernel update provided by the OS vendor:
- Red Hat Enterprise Linux 6: