Article ID: 9314, created on Nov 15, 2010, last review on Aug 12, 2014

  • Applies to:
  • Small Business Panel 10.x for Linux/Unix
  • Plesk 10.0.x for Linux/Unix
  • Plesk 9.5 for Linux/Unix

Fixed since

The problem described in this KB article has been completely fixed since Parallels Plesk Panel 10.4.x version.


For fixing problem ProFTPD Remote Code Execution Vulnerability and Exploit I have installed microupdate in my Parallels Plesk Panel 9.5, 10.0.1 per instructions. However as I see version of psa-proftpd was not changed.

How to verify that fixed proftpd was replaced on my server?


Microupdates do not change version of Parallels Plesk Packages packages. After installation you'll see the following packages installed in your Parallels Plesk Panel 10.0.1:

~# rpm -qa | grep proftpd

To verify the fixed binary is installed on the server you may compare it with standard fixed proftpd. The fixed binary is available on the website at:

For example for Parallels Plesk Panel 10.0.1, CentOS5, 64bit:

1. Download the binary on the server:

~# wget

2. Compare md5sum of downloaded file and system file. They should match:

~# md5sum ./proftpd
ef2dcd9224f32fa31a619b294cc6f689  ./proftpd
~# md5sum /usr/sbin/proftpd
ef2dcd9224f32fa31a619b294cc6f689  /usr/sbin/proftpd

Use the same procedure for Parallels Plesk Panel versions 9.5.2 and 9.5.3.

Additional information

Parallels Plesk Panel versions 9.5.2, 9.5.3 and 10.0.1 are affected by the problem. So the microupdate should be installed.

60d3e722783ac7177a2b4b4c13af4062 a914db3fdc7a53ddcfd1b2db8f5a1b9c 29d1e90fd304f01e6420fbe60f66f838 6ef0db7f1685482449634a455d77d3f4 dd0611b6086474193d9bf78e2b293040 6a181d5c1f3b1bcb28db0b05464417ec b21de1858ad3ec50d5613195a77434ab 56797cefb1efc9130f7c48a7d1db0f0c

Email subscription for changes to this article
Save as PDF