
Re: news item



On Wed, 26 Apr 2000, Pichai Asokan wrote:
> http://www.msnbc.com/news/399125.asp
> There is a serious security hole - a backdoor account in Red Hat Linux.
> P Asokan
--------------------------------------------------

well, actually, it is not that bad. the vulnerability comes only if you
install the piranha package; the package is used for administering a web
server and is not installed by default - you have to choose clustering or
install everything to get piranha installed. turns out that the userid for
piranha is piranha and at install time, the account is set up with a
password of q. if one runs passwd and changes the password for the piranha
userid, the problem is gone. also, at worst, the piranha id gets the user
privileges of the user running the web server; usually, the web server is
not run with very high system privileges and so, it may not be a very
serious problem (system itself is unlikely to be compromised; the web
server and hence, web page contents may become vulnerable). of course, if
web page serving/hosting or web based e-commerce is your line of business,
then it may be a serious problem to be aware of. 

sriram

