[ Thanks to Frank Earl for this link. ]
“Red Hat’s Piranha software, which lets several Linux machines share a task such as delivering Web pages, has a password-protected feature used to control the software. But the part of the software that checks the password also will run whatever command an attacker wants, said Mike Wangsmo, director of the Piranha product.”
“On top of that problem, Red Hat 6.2 shipped with the password set (username “piranha” and password “q”), meaning that an administrator couldn’t use the management software in the first place unless that password were known, Wangsmo said. The product is supposed to prompt for a password the first time it’s used.”
“Internet Security Systems (ISS), the group that found the vulnerability, was more critical of the problems, giving it its most severe rating and saying it could provide a launch pad for a more severe attack.”