Results 1 to 2 of 2

Thread: Security Notice - EXIM ProFTPD Vulnerable

  1. #1
    Join Date
    Jul 2009
    Location
    New York
    Posts
    465

    Default Security Notice - EXIM ProFTPD Vulnerable

    I received this email and I thought it should be posted in the forums. Here is the full email:

    If you are using Exim or ProFTPD, please read this notice
    carefully. Your VPS account could be at risk.
    ************************************************** ***************

    Dear Cwewmpz,

    Recent vulnerabilities have been discovered in:

    - Exim
    - some versions of ProFTPD bundled with Plesk

    If unpatched, the vulnerabilities will allow anonymous
    unauthenticated users full access to your VPS. We are
    recommending all VPS operators check for updates for the
    Exim email server and the ProFTPD FTP server.

    Before performing an update to your VPS please verify you have
    downloaded a backup of your VPS configurations and data.

    Details about updating ProFTPD are available at:
    Parallels Plesk Panel PROFTPD

    The details involve running the Plesk autoinstaller to download
    and install the ProFTPD update.

    Details about updating Exim are shown below.

    The following commands can be run by logging into your VPS with
    an SSH client such as PuTTY.

    - Users with Cpanel can upgrade Exim by running the command
    `/scripts/eximup`

    - Users with Debian Lenny or Ubuntu can upgrade Exim by first
    running `apt-get update` and then `apt-get upgrade`

    - Users with Centos or Fedora can upgrade Exim by running
    `yum update`

    If you are unsure whether your VPS is running Debian, Ubuntu,
    Centos, or Fedora, this information is usually displayed in
    the VPS Control Center at:
    http://www.vpslink.com/controlpanel/...trolcenter.bml

    Alternatively, you can run `cat /etc/issue` from an SSH
    command prompt.

    If you have any questions, please call our VPS hotline at
    877-447-9872, or submit a new request in your Support Console:
    http://www.vpslink.com/member/sconsole

    Best wishes,
    The VPSLink Team
    Happily on a Link3. Feel free to request a refferal code that takes a 10% lifetime discount off your hosting.
    Please open a SUPPORT TICKET AND CALL vpslink to resolve your vpslink problems FIRST
    I am a CUSTOMER Only. Any vpslink issues should be directed to Matt@VPSLink and/or Michael@VPSLink

  2. #2
    Join Date
    Jun 2010
    Posts
    9

    Default

    Ubuntu 9.04 is no longer officially supported and looking around I couldn't see any exim updates for it. When I noticed a remote shell exploit attempt against my VPS a few days ago (thwarted by iptables rules), I applied the relevant patch and rebuilt it myself - if anyone wants the source or .deb, let me know and I'll upload it somewhere.

    S.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •