Parallels has announced potential vulnerability issues affecting the FTP server software ProFTPD, a component service of their control panel Plesk.
"Parallels strives to deliver solutions to potential vulnerability issues of component parts as soon as they are identified. Please pay attention to this notification as it contains an Important Security Notification. More information can be found on the Parallels website, by visiting: http://www.parallels.com/products/plesk/proftpd
Affected Products: Parallels Plesk Panel 9.5x and 10 include this vulnerability (no prior versions included this version of the component). Parallels Small Business Panel 10.2 is also affected.
Details of the Vulnerability or Exploit: A flaw in ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences.
ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The buffer overflow allows attackers to write arbitrary code to the application's stack and launch it. Updating to version 1.3.3c of ProFTPD solves the problem."






More information is available on Parallels' website at: http://www.parallels.com/products/plesk/proftpd
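The notice places the overflow in the code that evaluates TELNET IAC sequences while reading a command line. As an added illustration (not ProFTPD's code and not part of the Parallels notice), the C function below reads one FTP command line, handles IAC sequences per RFC 854, and counts every stored byte against the buffer size through a single write path. The name `read_ftp_line` and its signature are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* TELNET command bytes from RFC 854 */
#define TELNET_IAC  255
#define TELNET_DONT 254
#define TELNET_DO   253
#define TELNET_WONT 252
#define TELNET_WILL 251

/* Copy one command line from `in` into `out`, handling TELNET IAC sequences.
 * Returns the number of bytes stored (excluding the NUL), or -1 if the line
 * does not fit in `out`. Hypothetical helper written for this example. */
long read_ftp_line(const unsigned char *in, size_t inlen,
                   char *out, size_t outsz)
{
    size_t i = 0, n = 0;

    if (outsz == 0)
        return -1;

    while (i < inlen) {
        unsigned char c = in[i++];

        if (c == TELNET_IAC) {
            if (i >= inlen)
                break;                  /* truncated sequence: drop it */
            unsigned char cmd = in[i++];
            if (cmd >= TELNET_WILL && cmd <= TELNET_DONT) {
                if (i < inlen)
                    i++;                /* skip the option byte */
                continue;
            }
            if (cmd != TELNET_IAC)
                continue;               /* other two-byte command: ignore */
            c = TELNET_IAC;             /* IAC IAC means a literal 0xFF */
        }
        if (c == '\r')
            continue;                   /* strip CR of the CRLF terminator */
        if (c == '\n')
            break;

        /* Single write path: escaped bytes are bounds-checked like any other. */
        if (n + 1 >= outsz) {
            out[0] = '\0';
            return -1;                  /* reject over-long lines outright */
        }
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (long)n;
}
```

The point to check in any such reader is that bytes produced by escape handling pass through the same length accounting as ordinary bytes.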