A vulnerability has been identified in SWsoft Plesk, which could be exploited by attackers to gain unauthorized access to arbitrary files on a vulnerable system. This issue is caused by input validation errors in the “login.php3″ and “login_up.php3″ scripts when processing the “locale_id”, which could be exploited to conduct directory traversal attacks and disclose the contents of arbitrary files.

Affected Products

SWsoft Plesk version 7.6.1 for Windows
SWsoft Plesk version 8.1.0 for Windows
SWsoft Plesk version 8.1.1 for Windows

Here is what you can do –

Apply patch for Plesk 7.6.1 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/7.6.1/

Apply patch for Plesk 8.1.0 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0/

Apply patch for Plesk 8.1.0 + plesk_8.1.0_update070216.19 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.0.3/

Apply patch for Plesk 8.1.1 :
http://download1.swsoft.com/Plesk/Autoupdate/Windows/8.1.1/

For further details check this –
http://kb.swsoft.com/en/1798
http://www.frsirt.com/

This entry was posted on Friday, May 4th, 2007 at 8:56 am and is filed under Plesk, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.