According to the Internet Security Systems X-Force team, there is a backdoor in Red Hat’s Linux that would let a computer intruder access and alter files on some computers running the company’s most recent version of Linux.
The discovery could not come at a worse time for Red Hat which has been attempting to persuade customers that its Linux is a good foundation for corporate operations.
Piranha is a package distributed by Red Hat that contains Linux Virtual Server software, a web-based graphical user interface and monitoring and fail-over components.
A backdoor password exists in the interface portion, Version 0.4.12 of Piranha-GUI, that may allow remote attackers to execute commands on the server.
If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote or local user may login to the web interface. From there, parameters can be changed and arbitrary commands can be executed with the same privilege as that of the web server.
Only Red Hat users who have installed the Piranha component are vulnerable. Piranha is installed only if a Red Hat user specifically selects clustering functions when installing the software or if a user chooses ‘install all’.
The X-Force team discovered the vulnerability and has been working with Red Hat to create a ‘fix’. The security risk has been given a five rating on a scale from one to five, where five is the most severe.
Chris Rouland, director of Internet Security Systems’ research team, said: “This is a very high risk. It gives people the same rights as the web server itself.”
Rouland said he does not believe that the backdoor was installed with malicious intent, but that it is an “engineering mistake”.
Red Hat has provided updated Piranha, Piranha-doc and Piranha GUI packages and recommends administrators be sure that a new password is installed following installation.
If businesses do not take cyber security seriously in their business planning regulators may do it for them, the ICAEW has warned
The Financial Reporting Council has issued guidance regarding the annual reporting of 1,200 large and smaller listed companies. The letter highlighted the key issues and improvements that can be made in the 2016 reporting season
Deloitte's north-west Europe foray; BDO, Smith & Williamson investment paths; Shelley Stock Hutter; and Wilkins Kennedy discussed by editor Kevin Reed on our Friday Afternoon Live broadcast
Company bosses are considering relocating operations or headquarters away from the UK following the country's decision to leave the European Union