[Resolved][Vulnerability] ProFTPD vulnerability. All FTP access temporarily blocked.

Parallels, the developer of the Plesk Control Panel software, has announced a serious FTP software vulnerability.

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function, which evaluates TELNET IAC sequences.

ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521

Parallels Plesk Panel 9.x, 9.5x and 10 include this vulnerability. Parallels will issue Micro Updates (hotfixes) for 9.5.2 and 9.5.3 no later than 12:00 GMT (noon) on Thursday, November 11 (7:00am EST in the US) to fix this. The patch for Parallels Plesk Panel 10.01 will be released at 17:00 GMT on Thursday, November 11 (12:00pm EST in the US). Patches for Plesk 9.0, 9.22, and 9.3 will be posted by 12 noon GMT on Friday, November 12 (7am EST in the US). Further updates from Parallels on this will follow soon.

Updating to ProFTPD version 1.3.3c or disabling FTP services is currently the only solution to this vulnerability.
Our server administrators are now working on this problem and patching all necessary files.
If you require FTP access to your website, please contact support on 0121 222 0500 or by email at support@swiftinter.net.
We apologise for any inconvenience.
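
As an added example (not code from Parallels, the ProFTPD project, or this notice), the following Python check tests whether a reported ProFTPD version string is at least 1.3.3c, the fixed release named above. It accounts for ProFTPD's release naming, where rcN candidates precede a release and letter suffixes follow it; the sample banner lines are constructed, and the check does not model the lower bound of the affected range, which this notice does not give.

```python
import re

# Fixed release named in this notice.
FIXED = "1.3.3c"

# ProFTPD version strings: X.Y.Z, optionally followed by "rcN"
# (release candidate) or a single maintenance letter (a, b, c, ...).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:rc(\d+)|([a-z]))?(?![0-9a-z])")


def version_key(text):
    """Return a sortable key for the first ProFTPD version found in text.

    Order within one X.Y.Z: rc1 < rc2 < ... < release < a < b < c.
    """
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError("no ProFTPD version in %r" % text)
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(4) is not None:      # release candidate
        stage, step = 0, int(m.group(4))
    elif m.group(5) is not None:    # maintenance letter
        stage, step = 2, ord(m.group(5)) - ord("a")
    else:                           # plain release
        stage, step = 1, 0
    return (major, minor, patch, stage, step)


def at_least_fixed(text, fixed=FIXED):
    """True if the version in text is the fixed release or newer."""
    return version_key(text) >= version_key(fixed)


# Constructed sample banners (not taken from any real server).
SAMPLES = [
    "ProFTPD Version 1.3.3rc4",
    "ProFTPD Version 1.3.3",
    "ProFTPD Version 1.3.3b",
    "ProFTPD Version 1.3.3c",
    "220 ProFTPD 1.3.3d Server (example) [192.0.2.10]",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status = "ok" if at_least_fixed(line) else "below 1.3.3c"
        print("%-50s %s" % (line, status))
```

A vendor hotfix can correct the flaw without changing the version string the server reports, so a "below 1.3.3c" result on a Plesk server should be checked against the Parallels Micro Update status before acting on it.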
One comment on “[Resolved][Vulnerability] ProFTPD vulnerability. All FTP access temporarily blocked.”
  1. FTP access has just been enabled.

    All Plesk servers with Plesk version higher than 9.0 have been updated to the latest version of ProFTPD.
