Re: news item

["Pichai Asokan" <pasokan@xxxxxxx>]

Sorry. I was just paraphrasing the headline; and I sent it w/o re-reading.
Of course in the bald way it appears, the mail made it look a lot lot worse
than it is in reality.
P Asokan
----- Original Message -----
From: "Dr. P. Sriram" <sriram@xxxxxxxxxxxxxxxxxx>
To: <ilugc@xxxxxxxxxxxxxxxxxx>
Sent: Thursday, April 27, 2000 8:51 AM
Subject: Re: news item


> On Wed, 26 Apr 2000, Pichai Asokan wrote:
> > http://www.msnbc.com/news/399125.asp
> > There is a serious security hole - a backdoor account in Red Hat Linux.
> > P Asokan
> --------------------------------------------------
>
> well, actually, it is not that bad. the vulnerability comes only if you
> install the piranha package; the package is used for administering a web
> server and is not installed by default - you have to choose clustering or
> install everything to get piranha installed. turns out that the userid for
> piranha is piranha and at install time, the account is setup with a
> password of q. if one runs passwd and changes the password for the piranha
> userid, the problem is gone. also, at worst, the piranha id gets the user
> priveleges of the user running the web server; usually, the web server is
> not run with very high system priveleges and so, it may not be a very
> serious problem (system itself is unlikely to be compromised; the web
> server and hence, web page contents may become vulnerable). of course, if
> web page serving/hosting or web based e-commerce is your line of business,
> then it may be a serious problem to be aware of.
>
> sriram
>
>
> ---
> Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe'
> in either the subject or the body to unsubscribe from this list.
>

---
Send e-mail to 'ilugc-request@xxxxxxxxxxxxxxxxxx' with 'unsubscribe' 
in either the subject or the body to unsubscribe from this list.