Plesk exploit gives attackers edge to escalate privileges in Apache

Share this article:

A hacker has disclosed exploit for a code-execution flaw impacting older versions of popular server administrator software used to create websites, email and other accounts.

The exploit code for Parallels Plesk Panel software was posted Wednesday on seclists.org by an individual who goes by the online alias Kingcope.

The exploit must be used in tandem with Apache Web server software, and can ultimately allow an attacker to inject malicious PHP code, programming language used to create dynamic web pages. A saboteur would have the ability to execute arbitrary commands by escalating user privileges in the Apache server.

To carry out the feat, an attacker would have to run Plesk in CGI mode in PHP.

Kingcope said the vulnerability (CVE-2012-1823) can be exploited in Plesk 9.5.4 and earlier versions of the control panel, but Parallels, the Seattle-based maker of the software, has stated otherwise.

On Friday, Craig Bartholomew, the vice president of shared hosting and control panels at Parallels, told SCMagazine.com that version 9.5.4 of the software was not vulnerable due to a CGI wrapper implemented in the software. Instead, the flaw impacts Plesk versions 9.3, 9.2 and 9.0.

The most recent Plesk releases are versions 10 and 11. 

Craig Williams, a researcher at San Jose, Calif.-based communications equipment manufacturer Cisco Systems, explained in a Wednesday blog post that even though the vulnerability affects older versions of Plesk Panel (running on Linux and FreeBSD operating systems), the impact of the exploit could prove serious given how outdated the software is.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.