Serious security flaw in Plesk mod_php

We have received information about a security flaw in Plesk:

Parallels Plesk Panel 9.x, 10.x, 11.x – Privilege Escalation Vulnerability

Parallels Customer,

Please read this message in its entirety and take the recommended actions.


Parallels Plesk Panel privilege escalation vulnerabilities have been
discovered and are described in VU#310500 and CVE-2013-0132,
CVE-2013-0133 (CVSS score 4.4 –


This impacts Parallels Plesk Panel for Linux versions 9.x, 10.x, 11.x.

You are at risk if you have Apache web server running mod_php,
mod_perl, mod_python, etc.

You are NOT at risk if you have Apache web server running Fast CGI
(PHP, perl, python, etc.) or CGI (PHP, perl, python, etc.).


Parallels has issued security updates for Parallels Plesk Panel
versions 9.x-11.x. The security updates for Parallels Plesk Panel 11.x
and Parallels Plesk Panel 10.4.4 will automatically appear inside your
Parallels Plesk Panel control panel – please apply them as soon as

The security hotfix for Parallels Plesk 9.x is available for download
here: http://kb.parallels.com/115942.


Parallels understands that it’s not always practical for immediate
upgrades, so we have provided a solution to fix this vulnerability.
For the immediate solution, customers should read this knowledge base
article for instructions: http://kb.parallels.com/115942.»

As a reminder, Plesk micro-updates can be installed by running these commands:

/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component base
/usr/local/psa/admin/sbin/autoinstaller --select-release-current --upgrade-installed-components
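
To check a host against the notice's risk condition (Apache running mod_php, mod_perl or mod_python rather than FastCGI or CGI), the loaded-module list can be classified as below. This is an added example, not part of the Parallels notice or of the original post; the function names, the constructed sample module lists and the assumption that `apache2ctl`, `apachectl` or `httpd` is on PATH are introduced here.

```shell
#!/bin/sh
# Added example: classify Apache's loaded modules against the notice's
# "at risk" condition (mod_php, mod_perl or mod_python loaded in-process).

# Reads `httpd -M` style output on stdin and prints each in-process
# interpreter module found, one per line.
# Exit status: 0 if at least one was found (at risk), 1 if none.
risky_modules() {
    awk '
        # Module lines look like: " php5_module (shared)"
        $1 ~ /^(php[0-9]*|perl|python)_module$/ { print $1; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Dumps the live module list using whichever control binary exists.
# Assumption: one of these three names is on PATH on the server.
dump_modules() {
    for bin in apache2ctl apachectl httpd; do
        if command -v "$bin" >/dev/null 2>&1; then
            "$bin" -M 2>/dev/null
            return
        fi
    done
    return 127
}

# Constructed sample: server with mod_php and mod_perl loaded.
SAMPLE_MOD_PHP='Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 php5_module (shared)
 perl_module (shared)
 ssl_module (shared)'

# Constructed sample: server that runs interpreters through FastCGI only.
SAMPLE_FCGI='Loaded Modules:
 core_module (static)
 fcgid_module (shared)
 suexec_module (shared)
 ssl_module (shared)'

# Pass --live to check the local server instead of the samples.
if [ "${1:-}" = "--live" ]; then
    if dump_modules | risky_modules; then
        echo "AT RISK: in-process interpreter module(s) listed above"
    else
        echo "No mod_php/mod_perl/mod_python loaded"
    fi
fi
```

The check covers only the three modules the notice names, not its "etc.".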