Slashdot: Default Behavior: Piranha vs. Microsoft SQL Server | Linux Today

Slashdot: Default Behavior: Piranha vs. Microsoft SQL Server

Written By
Web Webster
Web Webster
Aug 21, 2000

[ Thanks to Nate Case
for this link. ]

“Do you remember the Piranha debacle back in April? Welcome to
Part II. Last Tuesday, it was revealed that Microsoft SQL
Server 7.0 is shipped with a default password – just like Red Hat’s
piranha module. Unlike Piranha, SQL Server is very common software
for large e-business websites. Unlike Piranha, the vulnerable
software has been shipping for months. Unlike Red Hat, Microsoft
refuses to take responsibility for their mistake, which, unlike Red
Hat’s, has resulted in actual documented break-ins, some at
high-profile websites. So why haven’t you read about it?

“Because unlike Red Hat, Microsoft is getting a pass by the
media.”

“Piranha is web clustering/failover software that was released
in April by Red Hat without much QA. It somehow went out the door
with a default password (“Q”) and without docs explaining in big
bold caps that it must be changed. If you installed the Piranha RPM
without reading the docs carefully, you had a security hole on your
site.”

“The hole allowed an attacker to come in over port 80 and
execute arbitrary commands as the Piranha user, which would have
been the web user. Typically that’s a nonprivileged “nobody”
account. While this is never good, let’s just note for the record
that this is a read-only exploit unless the webserver is very
poorly configured.

“The media flipped, in a word, out.”

Complete
Story

Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.