Dear Customers,
If you are running a Linux server with the Plesk control panel, please be aware that a flaw has been discovered in the popular ProFTPD FTP server that potentially allows unauthenticated attackers to compromise your server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function, which evaluates TELNET IAC sequences.
ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521
Updating to ProFTPD version 1.3.3c or disabling FTP services are the only current solutions to this vulnerability.
A ProFTPD update for Plesk has been provided by Atomic Rocket Turtle (http://www.atomicorp.com/news/security-update.html). To apply the update, execute the commands below:

    wget -O - http://www.atomicorp.com/installers/atomic | sh
    yum upgrade psa-proftpd
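To confirm the upgrade took effect, the installed version can be compared with the fixed release named above. The script below is an added example, not part of the original notice or of the Atomic installer; the function names, the sample versions and the assumption that the psa-proftpd package's VERSION field carries the upstream ProFTPD version are ours.

```shell
#!/bin/sh
# Added example: compare a ProFTPD version string with the fixed release.
FIXED_VERSION="1.3.3c"   # fixed release named in the advisory

# Print a numeric sort key for versions shaped like 1.3.3, 1.3.3c or 1.3.3rc4.
# Assumed ordering: X.Y.ZrcN < X.Y.Z < X.Y.Za < X.Y.Zb < ...
version_key() {
    num='(0|[1-9][0-9]{0,2})'
    fields=$(printf '%s\n' "$1" | sed -n -E \
        "s/^$num\.$num\.$num(rc([1-9][0-9]?)|([a-z]))?\$/\1:\2:\3:\5:\6/p")
    [ -n "$fields" ] || return 1          # not a version we understand
    IFS=: read -r maj min pat rc letter <<EOF
$fields
EOF
    if [ -n "$rc" ]; then
        stage=0 sub=$rc                   # release candidates sort first
    elif [ -n "$letter" ]; then
        stage=1 sub=$(( $(printf '%d' "'$letter") - 96 ))   # a=1, b=2, c=3
    else
        stage=1 sub=0                     # plain X.Y.Z release
    fi
    printf '1%03d%03d%03d%d%03d\n' "$maj" "$min" "$pat" "$stage" "$sub"
}

# Print "fixed", "update-needed" or "unknown" for the given version string.
verdict() {
    key=$(version_key "$1") || { echo unknown; return 0; }
    fixed=$(version_key "$FIXED_VERSION")
    if [ "$key" -ge "$fixed" ]; then echo fixed; else echo update-needed; fi
}

# Constructed sample versions (not taken from any real host).
for v in 1.3.2e 1.3.3rc4 1.3.3 1.3.3b 1.3.3c 1.3.4rc1 garbage; do
    printf '%-10s %s\n' "$v" "$(verdict "$v")"
done

# On an RPM-based Plesk host, check the installed psa-proftpd package.
# Assumption: the package's VERSION field carries the upstream ProFTPD version.
if command -v rpm >/dev/null 2>&1 &&
   installed=$(rpm -q --qf '%{VERSION}' psa-proftpd 2>/dev/null); then
    printf 'installed psa-proftpd %s: %s\n' "$installed" "$(verdict "$installed")"
fi
```

An "unknown" result means the version string did not match the expected pattern and should be checked by hand.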
Please review http://www.parallels.com/products/plesk/ProFTPD for updates to this security issue.
We can perform this upgrade for you for a fee of $35. You would simply need to contact dedicated@lunarpages.com with the last 4 digits of your card on file and your account username or primary domain name.
Those who are on managed hosting, please note we can provide this update at your request at no cost.
If you have any questions, please contact dedicated@lunarpages.com.
Thank you,
Lunarpages System Administrator Team