Article ID: 116126, created on May 21, 2013, last review on May 10, 2014

  • Applies to:
  • Plesk for Linux/Unix


A Linux kernel vulnerability (CVE-2013-2094) that may allow local users to gain root privileges (0-day exploit) was recently identified.

Affected operating systems

  • Red Hat Enterprise Server 6.1
  • CentOS 6.1
  • Ubuntu 12.04

Other operating systems supported by Plesk, as well as systems running Linux kernel version 2.6, are not affected by the vulnerability.


  • Privileges escalation: any local user can gain root privileges.
  • Exploit is available in the wild.

Pre-requirements for exploiting the issue

Local user account is required (no remote attack).


  • If Parallels Plesk Panel is installed in a container on Parallels Virtuozzo Containers (PVC), Parallels Server Bare Metal (PSBM), or Parallels Cloud Server (PCS), refer to the list of recommendations provided in article #116086.
  • For dedicated servers, install the kernel update provided by the OS vendor:
    • Red Hat Enterprise Linux 6: kernel-2.6.32-358.6.2.el6
    • CentOS 6: kernel-2.6.32-358.6.2.el6
    • Ubuntu 12.04: linux-image-3.2.0-43.68


29d1e90fd304f01e6420fbe60f66f838 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c

Email subscription for changes to this article
Save as PDF