“The vulnerability was discovered by researchers at Internet
Security Systems earlier this month; it has since been fixed by Red
Hat, but any user running Red Hat’s most recent Linux distribution
should download and install the fix, the company said.“
“The account and password that can be exploited are actually
associated with Red Hat’s ‘Piranha’ product, a collection of
utilities that simplify some Webmaster administration tasks. Armed
with the password, a computer intruder sitting at any Web browser
could access the Piranha utilities console for a Red Hat-run Web
site.”
“…Only Red Hat users who have installed the Piranha component
are vulnerable. Piranha is installed only if a Red Hat user
specifically selects clustering functions when installing the
software – or if a user chooses “install all.” But a user need not
actually use the utility for the vulnerability to be exploited.