• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

ProFTPD 1.3.3e - PCI complian scan failed

S

snowfire

Guest
ProFTPD 1.3.3e - PCI compliance scan failed

Hello
I just completed a clients container upgrade from 10.3 to 10.4.4 (media Temple Plesk Parallels panel) specifically to fix the issue with ProFTPD.
I just ran a new pci scan, and it failed on ProFtpD( http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4130), It lists the solution as "upgrade to 1.3.3g".
current version: psa-proftpd 1.3.3e-cos5.build1013111101.14
according to the knowledgebase(http://www.parallels.com/products/plesk/documentation/proftpd/) the current version should be fine, is this true, should I contact security metrics and submit some type of mitigation?

Is this version available for upgrade? would I have to do a command line micro upgrade (my panel does not list any upgrades for the container)?
thank you for your help
 
Last edited by a moderator:
thanks for the update burnleyvic.
can any one at plesk please address this, is there an update to 1.3.3 g, or 1.3.4?
my client is very insistent that this get fixed asap, because their shopping cart is currently not pci compliant.
thank you
 
Agreed

Yea,

This was what our hosting company recommended as well...
Uh, kind of defeats the point of having a hosting company/using Plesk.
I should have just gone with Amazon.
 
thanks for the link, works like a champ & will be careful of the microupdates...
 
did that patch update you to 1.3.3g?
I haven't tried it yet myself, just found it. any issues with ftp afterwards?
 
You must log in or register to reply here.

Similar threads

P
Issue Can kernel be updated in Centos without breaking Plesk.
Replies
2
Views
2K
Bitpalast
Bitpalast
J
Vulnerability in ProFTP 1.3.3d (PCI Compliance)
Replies
4
Views
3K
JohnToTheK
J
D
PCI Compliance Issues
Replies
2
Views
2K
Jllynch
Jllynch
H
lighttpd (aka sw-cp-server) security and PCI compliance issues
Replies
9
Views
5K
HostaHost
H
S
plesk 11.5.30 component update failed ProFTPD ftpserver
Replies
1
Views
2K
Nikolay.
N
Back
Top