PT-2013-2119 · Parallels · Parallels Plesk Panel

Ronald Volgers

Publicado

2013-04-18

Atualizado

2013-04-19

CVE-2013-0133

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 11.0.9

Description The issue is related to an untrusted search path vulnerability in the /usr/local/psa/admin/sbin/wrapper component. This vulnerability allows local users to gain privileges by crafting the PATH environment variable.

Recommendations For Parallels Plesk Panel version 11.0.9, consider restricting access to the /usr/local/psa/admin/sbin/wrapper component until a patch is available. As a temporary workaround, avoid using the PATH environment variable in sensitive operations to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2013-0133

Produtos afetados

Parallels Plesk Panel

PT-2013-2119 · Parallels · Parallels Plesk Panel

CVE-2013-0133

Identificadores relacionados

Produtos afetados

Referências · 3