ad info

 
CNN.com  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  

 

  Search
 
 

 
TECHNOLOGY
TOP STORIES

Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent

(MORE)

TOP STORIES

More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections

(MORE)

MARKETS
4:30pm ET, 4/16
144.70
8257.60
3.71
1394.72
10.90
879.91
 


WORLD

U.S.

POLITICS

LAW

ENTERTAINMENT

HEALTH

TRAVEL

FOOD

ARTS & STYLE



(MORE HEADLINES)
*
 
CNN Websites
Networks image


Security firm warns of Red Hat Piranha 'back door'

Computerworld

April 27, 2000
Web posted at: 9:55 a.m. EDT (1355 GMT)

(IDG) -- Internet Security Systems Inc. (ISS) says it has identified a backdoor password in the Red Hat Linux Piranha product that could allow an attacker to compromise a Web server and deface and destroy a Web site.

Piranha is a package distributed by Durham, N.C.-based Red Hat Inc. that contains Linux Virtual Server (LVS) software, a Web-based graphical user interface (GUI) and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha, Version 0.4.12 of piranha-gui that may allow remote attackers to execute commands on the server.

  MESSAGE BOARD
 

If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may log in to the LVS Web interface. From there, LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the Web server.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Computerworld's home page
  Computerworld Year 2000 resource center
  Computerworld's online subscription center
  IDG.net's product reviews page

The current distribution of Red Hat Linux 6.2 distribution is vulnerable.

Red Hat has provided updated piranha, piranha-doc and piranha-gui packages, 0.4.13-1. ISS X-Force recommends to its customers that these patches be installed immediately. The updated piranha-gui package addresses the password and arbitrary command execution vulnerability. After upgrading to piranha 0.4.13-1, users should ensure that a password is set by logging into the piranha Web gui and setting one, the security firm advised.

The updated packages are available on the Red Hat Web site, with version number 0.4.13-1.




RELATED STORIES:
Technology - All-in-one security device
February 24, 2000
NSA grapples with Linux security
January 18, 2000
Clinton fights hackers, with a hacker
February 15, 2000
Banks warned of impending Web attacks days before they happened
February 15, 2000
FBI follows Internet chat room leads in hacker probe
February 15, 2000
Web site attackers exploited Stanford computers
February 12, 2000
Consulting firm says its server was used to attack AOL
February 11, 2000

RELATED IDG.net STORIES:
Red Hat launches e-commerce, Net device systems
Computerworld
Red Hat 6.2 preview
LinuxWorld
Will Yopy be the Linux PDA?
LinuxWorld
Linux: No longer a rock star?
Industry Standard
A brief history of Linux
Industry Standard

RELATED SITES:
Internet Security Systems Inc. (ISS)
Red Hat

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.