MSNBC: Red Hat open to backdoor passwordApr 25, 2000, 11:03 (6 Talkback[s])
(Other stories by Bob Sullivan)
"The vulnerability was discovered by researchers at Internet Security Systems earlier this month; it has since been fixed by Red Hat, but any user running Red Hat's most recent Linux distribution should download and install the fix, the company said."
"The account and password that can be exploited are actually associated with Red Hat's 'Piranha' product, a collection of utilities that simplify some Webmaster administration tasks. Armed with the password, a computer intruder sitting at any Web browser could access the Piranha utilities console for a Red Hat-run Web site."
"...Only Red Hat users who have installed the Piranha component are vulnerable. Piranha is installed only if a Red Hat user specifically selects clustering functions when installing the software - or if a user chooses "install all." But a user need not actually use the utility for the vulnerability to be exploited.