Fixed since
The problem described in this KB article has been completely fixed since Parallels Plesk Panel version 10.4.x.
Symptoms
To fix the ProFTPD Remote Code Execution Vulnerability and Exploit problem, I have installed the microupdate in my Parallels Plesk Panel 9.5, 10.0.1 per the instructions. However, as I see, the version of psa-proftpd was not changed.
How can I verify that the fixed proftpd was replaced on my server?
Resolution
Microupdates do not change the version of Parallels Plesk Panel packages. After installation you'll see the following packages installed in your Parallels Plesk Panel 10.0.1:
~# rpm -qa | grep proftpd
To verify that the fixed binary is installed on the server, you may compare it with the standard fixed proftpd. The fixed binary is available on the website at:
For example, for Parallels Plesk Panel 10.0.1, CentOS 5, 64-bit:
1. Download the binary on the server:
~# wget http://autoinstall.plesk.com/PSA_10.0.1/microupdates/MU1/dist-rpm-CentOS-5-x86_64/proftpd
2. Compare the md5sum of the downloaded file and the system file. They should match:
~# md5sum ./proftpd
~# md5sum /usr/sbin/proftpd
Use the same procedure for Parallels Plesk Panel versions 9.5.2 and 9.5.3.
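The two steps above can be wrapped in one check that also catches a failed or empty download. This script is an added example, not part of the original article or of Plesk; the function name verify_binary and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a downloaded reference proftpd with the installed one.
# verify_binary is a hypothetical helper name, not a Plesk tool.

# verify_binary REF SYS
# returns 0 = identical, 1 = different, 2 = a file is missing or empty
verify_binary() {
    ref=$1
    sys=$2
    for f in "$ref" "$sys"; do
        # -s: file exists and is larger than 0 bytes; catches a failed download
        if [ ! -s "$f" ]; then
            echo "ERROR: $f is missing or empty" >&2
            return 2
        fi
    done
    # Print both digests so they can be recorded, as in step 2
    md5sum "$ref" "$sys"
    # Both files are local, so compare them byte for byte as well;
    # this result does not depend on the hash algorithm
    if cmp -s "$ref" "$sys"; then
        echo "MATCH: $sys is identical to $ref"
        return 0
    fi
    echo "MISMATCH: $sys differs from $ref" >&2
    return 1
}

# Run only when two paths are given, for example:
#   sh verify_proftpd.sh ./proftpd /usr/sbin/proftpd
if [ "$#" -eq 2 ]; then
    verify_binary "$1" "$2"
fi
```

A match only shows that the installed file equals the file that was downloaded, so the result is as trustworthy as the download itself.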