Internet Security Systems (ISS) says it has identified a backdoor password in the Red Hat Linux Piranha product that could allow an attacker to compromise a Web server and deface and destroy a Web site.
Piranha is a package distributed by Red Hat that contains Linux Virtual Server (LVS) software, a Web-based graphical user interface (GUI), and monitoring and fail-over components. A backdoor password exists in the GUI portion of Piranha (piranha-gui version 0.4.12) and may allow remote attackers to execute commands on the server.
If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote as well as local user may log in to the LVS Web interface. From there, LVS parameters can be changed and arbitrary commands can be executed with the same privilege as that of the Web server.
The current distribution of Red Hat Linux 6.2 is vulnerable.
Red Hat has provided updated piranha, piranha-doc and piranha-gui packages, version 0.4.13-1. ISS X-Force recommends that its customers install these patches immediately. The updated piranha-gui package addresses the backdoor password and arbitrary command execution vulnerability. After upgrading to piranha 0.4.13-1, users should ensure that a password is set by logging into the piranha Web GUI and setting one, the security firm advised.
The updated packages are available on the Red Hat Web site, with version number 0.4.13-1.