lug-bg: Security hole
- Subject: lug-bg: Security hole
- From: peterg@xxxxxxxxxxxxx (Peter Georgiev)
- Date: Sat, 29 Apr 2000 10:31:21 -0000
Linux open to backdoor password
Tue, 25 Apr 2000 13:15:37 GMT ZDNN US
A backdoor was found in Red Hat's Linux but the company downplays it,
saying few systems have the offending component installed
A team of Internet security researchers say they've found a serious
security hole in the most popular distribution of the Linux operating
system.
According to Internet Security Systems, there's a backdoor account in
Red Hat's Linux that would let a computer intruder access and alter
files on some computers running Red Hat's most recent version of Linux.
But a spokesperson for Red Hat downplayed the flaw, saying few Red Hat
users had been exposed to it.
The vulnerability was discovered by researchers at Internet Security
Systems earlier this month; it has since been fixed by Red Hat, but any
user running Red Hat's most recent Linux distribution should download
and install the fix, the company said.
The account and password that can be exploited are actually associated
with Red Hat's "Piranha" product, a collection of utilities that
simplify some Webmaster administration tasks. Armed with the password,
a computer intruder sitting at any Web browser could access the Piranha
utilities console for a Red Hat-run Web site.
A second flaw, also discovered by Internet Security Systems, could then
allow a user to gain full control of the computer. In this second flaw,
an intruder working inside the Piranha console can select the "change
password" option, then tack a line of computer instructions on the end
of the new password. The code, which can do anything the Web server
itself can do, will then be executed by the computer, according to
researcher Allen Wilson, who discovered both flaws.
"This is a very high risk," said Chris Rouland, director of Internet
Security Systems' research team. "It gives people the same rights as
the Web server itself. That means, for example, at an e-commerce site
someone could connect to the customer databases connected to that Web
server. And of course, it's wide open for defacement."
Only Red Hat users who have installed the Piranha component are
vulnerable. Piranha is installed only if a Red Hat user specifically
selects clustering functions when installing the software -- or if a
user chooses "install all." But a user need not actually use the
utility for the vulnerability to be exploited.
Red Hat's director of clustering technology, Mike Wangsmo, said
relatively few Red Hat users have the component installed on their
computers. Further, he disagreed with the description of the flaw as a
backdoor. According to Wangsmo, there's only one legitimate user name
for Piranha -- that being "piranha" -- and the password was
accidentally set to "Q" as default by Red Hat developers. A computer
intruder who knew that could gain access to some Red Hat boxes, but
only if the Webmaster had failed to reset the password during
installation -- a standard security practice.
"It's unfortunate but certainly not life-shattering," he said. "Someone
who didn't reset their password is vulnerable."
Rouland said "X-force" researcher Wilson discovered the backdoor during
a standard review of Red Hat's Linux source code, which is freely
available. The user name and password were embedded in the code.
"Anybody else who's viewed the source code could have found the
vulnerability and been exploiting it all along," he said. "This one was
so easy to find I would think people would have found it and exploited
it.... I think people will figure it out very quickly."
==================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
Otpiswaneto RABOTI !!! : Majordomo@xxxxxxxxxxxxxxxxxx UNSUBSCRIBE LUG-BG
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
|