|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Security firm warns of Red Hat Piranha 'back door'
(IDG) -- Internet Security Systems Inc. (ISS) says it has identified a backdoor password in the Red Hat Linux Piranha product that could allow an attacker to compromise a Web server and deface and destroy a Web site.
Piranha is a package distributed by Durham, N.C.-based Red Hat Inc. that contains Linux Virtual Server (LVS) software, a Web-based graphical user interface (GUI) and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha, Version 0.4.12 of piranha-gui that may allow remote attackers to execute commands on the server.
If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may log in to the LVS Web interface. From there, LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the Web server.
The current distribution of Red Hat Linux 6.2 distribution is vulnerable.
Red Hat has provided updated piranha, piranha-doc and piranha-gui packages, 0.4.13-1. ISS X-Force recommends to its customers that these patches be installed immediately. The updated piranha-gui package addresses the password and arbitrary command execution vulnerability. After upgrading to piranha 0.4.13-1, users should ensure that a password is set by logging into the piranha Web gui and setting one, the security firm advised.
The updated packages are available on the Red Hat Web site, with version number 0.4.13-1.
Technology - All-in-one security device
RELATED IDG.net STORIES:
Red Hat launches e-commerce, Net device systems
Internet Security Systems Inc. (ISS)
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.