VID 21193
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The 'piranha' package is installed on the host. This package, as distributed with Red Hat Linux 6.2, ships with the default login/password combination 'piranha/q' (or piranha/piranha). An attacker may use it to reconfigure the Linux Virtual Server. In conjunction with flaws in the passwd.php3 script (also part of piranha), it also allows the attacker to execute arbitrary commands on the machine. Any server with piranha-gui 0.4.12 installed, which is the default for Red Hat 6.2, is vulnerable.
Recommendation Upgrade the piranha package to version 0.4.14-1 or later, as listed in Red Hat Security Advisory RHSA-2000:014-10, "Piranha web GUI exposure" at http://www.redhat.com/support/errata/RHSA-2000014-16.html
Related URL CVE-2000-0248 (CVE)
Related URL 1148 (SecurityFocus)
Related URL 4299 (ISS)