 |
|
| technology > computing |
![[CNN Money]](http://i.cnn.net/cnn/images/main/fn.logo.newsnet.gif){kind=logo}
![[SI.com]](http://i.cnn.net/cnn/images/main/si.logo.gif){kind=logo}
( | |
 |
|
| |
| |
EDITIONS: | |
MULTIMEDIA: | |
E-MAIL: |
Subscribe to one of our news e-mail lists. Enter your address: |
DISCUSSION: |
CNN WEB SITES: |
 |
TIME INC. SITES: |
CNN NETWORKS: |
|
SITE INFO: |
WEB SERVICES: |
Security firm warns of Red Hat Piranha 'back door'
|
(IDG) -- Internet Security Systems Inc. (ISS) says it has identified a backdoor password in the Red Hat Linux Piranha product that could allow an attacker to compromise a Web server and deface and destroy a Web site.
Piranha is a package distributed by Durham, N.C.-based Red Hat Inc. that contains Linux Virtual Server (LVS) software, a Web-based graphical user interface (GUI) and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha, Version 0.4.12 of piranha-gui that may allow remote attackers to execute commands on the server.
 | MESSAGE BOARD | |
|
| ||
If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may log in to the LVS Web interface. From there, LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the Web server.
| MORE COMPUTING INTELLIGENCE |
IDG.net home page
|
| Computerworld's home page |
| Computerworld Year 2000 resource center |
| Computerworld's online subscription center |
| IDG.net's product reviews page |
The current distribution of Red Hat Linux 6.2 distribution is vulnerable.
Red Hat has provided updated piranha, piranha-doc and piranha-gui packages, 0.4.13-1. ISS X-Force recommends to its customers that these patches be installed immediately. The updated piranha-gui package addresses the password and arbitrary command execution vulnerability. After upgrading to piranha 0.4.13-1, users should ensure that a password is set by logging into the piranha Web gui and setting one, the security firm advised.
The updated packages are available on the Red Hat Web site, with version number 0.4.13-1.
RELATED STORIES:
Technology - All-in-one security device
February 24, 2000
NSA grapples with Linux security
January 18, 2000
Clinton fights hackers, with a hacker
February 15, 2000
Banks warned of impending Web attacks days before they happened
February 15, 2000
FBI follows Internet chat room leads in hacker probe
February 15, 2000
Web site attackers exploited Stanford computers
February 12, 2000
Consulting firm says its server was used to attack AOL
February 11, 2000
RELATED IDG.net STORIES:
Red Hat launches e-commerce, Net device systems
Computerworld
Red Hat 6.2 preview
LinuxWorld
Will Yopy be the Linux PDA?
LinuxWorld
Linux: No longer a rock star?
Industry Standard
A brief history of Linux
Industry Standard
RELATED SITES:
Internet Security Systems Inc. (ISS)
Red Hat
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.