Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


CNET News.com: Red Hat glitch leaves Web servers wide open

Apr 26, 2000, 01:11 (3 Talkback[s])
(Other stories by Stephen Shankland)

[ Thanks to Frank Earl for this link. ]

"Red Hat's Piranha software, which lets several Linux machines share a task such as delivering Web pages, has a password-protected feature used to control the software. But the part of the software that checks the password also will run whatever command an attacker wants, said Mike Wangsmo, director of the Piranha product."

"On top of that problem, Red Hat 6.2 shipped with the password set--username "piranha" and password "q"--meaning that an administrator couldn't use the management software in the first place unless that password were known, Wangsmo said. The product is supposed to prompt for a password the first time it's used."

"Internet Security Systems (ISS), the group that found the vulnerability, was more critical of the problems, giving it its most severe rating and saying it could provide a launch pad for a more severe attack."

Complete Story

Related Stories: