All the latest UK technology news, reviews and analysis
|
|
|
26 Apr 2000
A team of internet security researchers say they have found a serious security hole in a popular Linux web server that could allow an attacker to compromise and destroy a website.
According to the Internet Security Systems X-Force team, there is a backdoor in Red Hat's Linux that would let a computer intruder access and alter files on some computers running the company's most recent version of Linux.
Further reading
The discovery could not come at a worse time for Red Hat which has been attempting to persuade customers that its Linux is a good foundation for corporate operations.
Piranha is a package distributed by Red Hat that contains Linux Virtual Server software, a web-based graphical user interface and monitoring and fail-over components. A backdoor password exists in the interface portion, Version 0.4.12 of Piranha-GUI, that may allow remote attackers to execute commands on the server.
If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote or local user may login to the web interface. From there, parameters can be changed and arbitrary commands can be executed with the same privilege as that of the web server.
Only Red Hat users who have installed the Piranha component are vulnerable. Piranha is installed only if a Red Hat user specifically selects clustering functions when installing the software or if a user chooses 'install all'.
The X-Force team discovered the vulnerability and has been working with Red Hat to create a 'fix'. The security risk has been given a five rating on a scale from one to five, where five is the most severe.
Chris Rouland, director of Internet Security Systems' research team, said: "This is a very high risk. It gives people the same rights as the web server itself."
Rouland said he does not believe that the backdoor was installed with malicious intent, but that it is an "engineering mistake".
Red Hat has provided updated Piranha, Piranha-doc and Piranha GUI packages and recommends administrators be sure that a new password is installed following installation.
Latest stories from Operating Systems
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
V3 examines the key strengths and weaknesses of Samsung's latest iPhone killer
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
IT Support Analyst - Active Directory, Windows 7, MS...
Helpdesk / Desktop Support Analyst (Windows 7, MAC, Windows...
Infrastructure / Server Support Analyst - 3rd Line, Windows...
Credit Risk Modeller, SAS, London, £50,000 Title- Credit...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?