Doh! RedHat Backdoor....
Posted on: 04/25/2000 04:27 PM

Zdnet had some interesting and important news postage this morning. They are reporting that RedHat's latest has a nasty backdoor in its new "Piranha" project, a collection of utilities that "simplify" some Webmaster admin tasks.
A second flaw, also discovered by the Internet Security Systems, could then allow a user to gain full control of the computer. In this second flaw, an intruder working inside the Piranha console can select the "change password" option, then tack a line of computer instructions on the end of the new password. The code, which can do anything the Web server itself can do, will then be executed by the computer...
This problem only arises if you specifically install the clustering functions, or if you choose "Install all". RedHat of course is downplaying the incident... Get the patch as soon as its available. You can check the rest of the story out here.




Printed from 2CPU.com (http://www.2cpu.com/contentteller.php?ct=news&action=story&page=doh_redhat_backdoor.html)