Backdoor Password in Red Hat Linux Virtual Server Package
----------------------------------------------------------------------------


SUMMARY

Internet Security Systems (ISS) X-Force has identified a backdoor password 
in the Red Hat Linux Piranha product. Piranha is a package distributed by 
Red Hat, Inc. that contains the Linux Virtual Server (LVS) software, a 
web-based GUI, and monitoring and fail-over components. A backdoor 
password exists in the GUI portion of Piranha that may allow remote 
attackers to execute commands on the server. If an affected version of 
Piranha is installed and the default backdoor password remains unchanged, 
any remote or local user may log in to the LVS web interface. From there, 
LVS parameters can be changed and arbitrary commands can be executed with 
the same privileges as the web server.

DETAILS

Impact:
With this backdoor password, an attacker could compromise the web server 
as well as deface and destroy the web site.

Affected Versions:
Piranha is distributed in three Red Hat Package Managers (RPMs): 
"piranha", "piranha-gui", and "piranha-docs". The vulnerability is present 
if version 0.4.12 of piranha-gui is installed.  

The current Red Hat Linux 6.2 distribution is vulnerable. Earlier Red Hat 
releases do not contain this vulnerability.

Description:
Piranha is a collection of utilities used to administer the Linux Virtual 
Server. LVS is a scalable and highly available server designed for large 
enterprise environments. It allows seamless clustering of multiple web 
servers through load balancing, heartbeat monitoring, redundancy, and 
fail-over protection. To the end user, the entire system is completely 
transparent, appearing as if a single server is fielding every request. 

Piranha is shipped with a web-based GUI that allows system administrators 
to configure and monitor the cluster. The Piranha package contains an 
undocumented backdoor account and password that may allow a remote 
attacker access to the LVS web administration tools. Attackers could use 
these tools to cause the interface to execute arbitrary commands on the 
server. Commands are executed with the same privilege level as the web 
server, which varies based on the configuration of the system.

The vulnerability is present even if the LVS service is not used on the 
system. If the affected "piranha-gui" package is installed and the 
password has not been changed by the administrator, the system is 
vulnerable. 

Recommendations:
Red Hat has provided updated piranha, piranha-docs, and piranha-gui 
packages, version 0.4.13-1. ISS X-Force recommends that these patches be 
installed immediately. The updated piranha-gui package addresses the 
password and arbitrary command execution vulnerability. After upgrading to 
piranha 0.4.13-1, users should ensure that a password is set by logging 
into the Piranha web GUI and setting one.

The updated packages are available on ftp://updates.redhat.com/6.2, and 
their version number is 0.4.13-1.
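An added audit helper, written for this advisory and not taken from ISS, Red Hat or the Piranha package, that classifies an installed piranha-gui version against the affected 0.4.12 and fixed 0.4.13-1 builds named above. It assumes rpm(8) is available on the host for the live check and handles only numeric version fields, which is all these versions need.

```shell
#!/bin/sh
# Added audit helper, not part of the ISS advisory or the Piranha package.
# Classifies an installed piranha-gui VERSION-RELEASE string against this
# advisory: 0.4.12 builds are the affected ones, 0.4.13-1 is the fix.
# Only numeric version fields are handled, which covers the versions above.

# ver_cmp A B: compare dotted/dashed version strings field by field as
# integers; a missing field counts as 0. Prints -1, 0 or 1.
ver_cmp() {
    a=$(printf '%s' "$1" | sed 's/[.-]/ /g')
    b=$(printf '%s' "$2" | sed 's/[.-]/ /g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; a=${a#"$x"}; a=${a# }
        y=${b%% *}; b=${b#"$y"}; b=${b# }
        if [ "${x:-0}" -lt "${y:-0}" ]; then printf '%s\n' -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# piranha_gui_status VER: "fixed" for 0.4.13-1 or newer, "vulnerable" for
# the 0.4.12 builds named in the advisory (and, conservatively, anything
# between them and the fix), "not-affected" for older builds.
piranha_gui_status() {
    if [ "$(ver_cmp "$1" 0.4.13-1)" -ge 0 ]; then echo fixed
    elif [ "$(ver_cmp "$1" 0.4.12)" -ge 0 ]; then echo vulnerable
    else echo not-affected
    fi
}

# On a Red Hat host, query rpm(8) for the installed package and report.
# Even when the package is fixed, the advisory still requires setting a
# password in the web GUI, so that reminder is printed alongside.
audit_installed_piranha_gui() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available"; return 2; }
    v=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' piranha-gui 2>/dev/null) \
        || { echo "piranha-gui not installed"; return 1; }
    echo "piranha-gui $v: $(piranha_gui_status "$v")"
    echo "reminder: set a password via the Piranha web GUI after upgrading"
}

# Example invocation on a real host (not run automatically):
#   audit_installed_piranha_gui
```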


ADDITIONAL INFORMATION

The information was provided by X-Force ([EMAIL PROTECTED]).

