
Thread: Critical Security Vulnerability -> how about Expand compatibility?!

  1. #1
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148

    Critical Security Vulnerability -> how about Expand compatibility?!

    Hello everybody!

    You all have received the mail today regarding the "Critical Security Vulnerability" in all Plesk-Products.

    So our question now is:
    - Can we upgrade/patch our Linux and Windows versions (8.6) of Plesk and will they still work with Expand OK?
    - Can we upgrade/patch our windows 9.5 c-mail plesk (incl. special hotfix for expand compatibility) with the patch and will
    it still work OK with Expand? Or do we need a new "special hotfix" so that it still works with Expand?

    Thanks for a quick answer from the Expand Devs!

    Best regards,

    Christian
    Yours sincerely,

    Christian Fasold
    FaSoft Munich



  2. #2
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148


    Dear Parallels-Staff,

    any updates on this here?
    This seems to be a MAJOR SECURITY ISSUE, so please be so kind as to answer here ASAP...
    We think all of your customers are interested how they can proceed in this matter...

    Thanks a lot and best regards,

    Christian
    Yours sincerely,

    Christian Fasold
    FaSoft Munich



  3. #3
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148


    Still no answer?

    Unbelievable...

    Best regards,

    Christian
    Yours sincerely,

    Christian Fasold
    FaSoft Munich



  4. #4
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148


    As Parallels doesn't seem to take this issue seriously (we think that this is a terrible bug with
    a HUGE impact):
    We have now patched all 8.6-Servers without any problems and the patch for 9.5.4 (with special hotfix for Expand) can also be applied as it regards other files than the special expand-hotfix.

    The only question which is still unanswered is, if Expand itself is also "open to the public" as all Plesk Control Panels seem to be.

    We wish you all good luck with patching your systems!

    Best regards,

    Chris
    Yours sincerely,

    Christian Fasold
    FaSoft Munich



  5. #5
    Kilo Poster
    Join Date
    Dec 2007
    Posts
    17


    I am also interested in hearing the answer to this question. We have patched all our Plesk 9.5.4 servers with the latest micro-updates and everything seems to be working fine. However I am seriously worried about the security of our expand instance.

    We had an unknown compromise on our expand node last week and I was unable to find the source. A rootkit was installed in the expand VPS and it was being used for DOS attacks. I have since migrated expand to a newer VPS and it seems fine now but I am curious how the original hack was executed. It was a VPS dedicated to expand so there weren't many ways for the VPS to be compromised.

    Can someone from Parallels confirm if expand is vulnerable to the recent exploits in Plesk?



  6. #6
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148


    We have managed to establish a contact to the devs of Expand.

    Expand itself is not vulnerable to the _current_ SQL-Injection-Bug, but that doesn't mean that there might be another bug somewhere in Expand ;-)

    But the current exploit doesn't work on Expand, so at least here we can be relieved...

    Best regards,

    Chris
    Yours sincerely,

    Christian Fasold
    FaSoft Munich



  7. #7
    Mega Poster
    Join Date
    Apr 2004
    Posts
    148


    So as a new security vulnerability has been found (again!), we had to upgrade our c-mail server
    to Plesk 9.5.5.

    We have upgraded to 9.5.5, then applied the Expand-Patch for 9.5.5, then the MicroUpdates and then again the Expand-Patch (just to be sure).
    We already wondered, why we didn't get the license agreement when we logged in as "admin" (we did get that before on 9.5.4 after installing the patch) but didn't pay that much mind.

    But now we cannot create new eMail-Addresses!
    THIS IS ABSOLUTELY VITAL FOR US THAT THE CMAIL-SERVER WORKS!

    The Mailsystem (IceWarp) worked perfectly before with Plesk 9.5.4 and the Expand-Patch...

    This is the error we get:
    "Error: Unable to update the mail account properties:mailmng failed: Empty error message from utility."

    The eMail-Address is created inside IceWarp but not shown inside Plesk (most likely because of the error).

    Windows Event Log:
    - ---
    Faulting application name: mailmng.exe, version: 9.505.0.0, time stamp: 0x4e114033
    Faulting module name: api.dll, version: 0.0.0.0, time stamp: 0x4fb28666
    Exception code: 0xc0000005
    Fault offset: 0x0000778e
    Faulting process id: 0x11b8
    Faulting application start time: 0x01cd62ad2254c51d
    Faulting application path: C:\Program Files (x86)\Parallels\Plesk\admin\bin\mailmng.exe
    Faulting module path: C:\PROGRA~2\IceWarp\api.dll
    Report Id: 60512fbe-cea0-11e1-bf9d-005056963efe
    - ---
    - ---
    Fault bucket , type 0
    Event Name: APPCRASH
    Response: Not available
    Cab Id: 0

    Problem signature:
    P1: mailmng.exe
    P2: 9.505.0.0
    P3: 4e114033
    P4: api.dll
    P5: 0.0.0.0
    P6: 4fb28666
    P7: c0000005
    P8: 0000778e
    P9:
    P10:

    Attached files:

    These files may be available here:
    C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mailmng.exe_e8f41568aac836e36eba2f3b1166b52868d10_0b753b54

    Analysis symbol:
    Rechecking for solution: 0
    Report Id: 60512fbe-cea0-11e1-bf9d-005056963efe
    - ---
    As we had to choose between an open hole in Plesk and risking to break something,
    we went for the "secure Plesk first"-way as the worldwide impact of the "old" vulnerability
    didn't leave us much choice but to patch RIGHT AWAY.

    So please Parallels, do not let us down here now, we really need to get this back working!

    Thanks a lot and best regards

    Christian
    Yours sincerely,

    Christian Fasold
    FaSoft Munich


