PracticePeople In PracticeLinux security hole discovered

Linux security hole discovered

A team of internet security researchers say they have found a serious security hole in a popular Linux web server that could allow an attacker to compromise and destroy a website.

According to the Internet Security Systems X-Force team, there is a backdoor in Red Hat’s Linux that would let a computer intruder access and alter files on some computers running the company’s most recent version of Linux.

The discovery could not come at a worse time for Red Hat which has been attempting to persuade customers that its Linux is a good foundation for corporate operations.

Piranha is a package distributed by Red Hat that contains Linux Virtual Server software, a web-based graphical user interface and monitoring and fail-over components.

A backdoor password exists in the interface portion, Version 0.4.12 of Piranha-GUI, that may allow remote attackers to execute commands on the server.

If an affected version of Piranha is installed and the default backdoor password remains unchanged, any remote or local user may login to the web interface. From there, parameters can be changed and arbitrary commands can be executed with the same privilege as that of the web server.

Only Red Hat users who have installed the Piranha component are vulnerable. Piranha is installed only if a Red Hat user specifically selects clustering functions when installing the software or if a user chooses ‘install all’.

The X-Force team discovered the vulnerability and has been working with Red Hat to create a ‘fix’. The security risk has been given a five rating on a scale from one to five, where five is the most severe.

Chris Rouland, director of Internet Security Systems’ research team, said: “This is a very high risk. It gives people the same rights as the web server itself.”

Rouland said he does not believe that the backdoor was installed with malicious intent, but that it is an “engineering mistake”.

Red Hat has provided updated Piranha, Piranha-doc and Piranha GUI packages and recommends administrators be sure that a new password is installed following installation.

WAP: What’s it all about?

Related Articles

Is inefficiency stealing your time and money?

Accounting Firms Is inefficiency stealing your time and money?

6m Emma Smith, Managing Editor
CIMA elects new president

Institutes CIMA elects new president

6m Emma Smith, Managing Editor
Transparent currency trade: How to achieve costs visibility

Governance Transparent currency trade: How to achieve costs visibility

6m Emma Smith, Managing Editor
Introduction to KPMG UK’s new leadership team

Accounting Firms Introduction to KPMG UK’s new leadership team

6m Emma Smith, Managing Editor
EY appoints head of UK Infrastructure Asset Intelligence practice

Accounting Firms EY appoints head of UK Infrastructure Asset Intelligence practice

8m Emma Smith, Managing Editor
FRP Advisory expands operation with new office, partner appointments

Accounting Firms FRP Advisory expands operation with new office, partner appointments

10m Emma Smith, Managing Editor
Magma Group announces merger, partner promotions

Accounting Firms Magma Group announces merger, partner promotions

10m Emma Smith, Managing Editor
MHA MacIntyre Hudson advises on management buy-out

Accounting Firms MHA MacIntyre Hudson advises on management buy-out

10m Emma Smith, Managing Editor