PISA-24-APR-00-005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
.------------------------------------------------.
|**** Project Independence Security Advisory ****|
`-----------* ID: PISA-24-APR-00-005 *-----------'
Issued by: David Webster <cog@seul.org>
Issue Date: 24-APR-00
Overview: Backdoor in Linux Virtual Server (LVS) package
Affected: Indy 6.2build before current date
(earlier versions NOT affected)
-=-=-==-=-=-
Detailed Problem Description:
Internet Security Systems (ISS) X-Force has found a backdoor
password in the Piranha-gui product.
Piranha is a collection of utilities used to administer the Linux
Virtual Server. LVS is a scalable and highly available server
designed for large enterprise environments. It allows seamless
clustering of multiple web servers through load balancing, heartbeat
monitoring, redundancy, and fail-over protection. To the end user,
the entire system is completely transparent, appearing as if a
single server is fielding every request.
Piranha ships with a web-based GUI (Piranha-gui) that allows
administrators to configure and monitor the web servers. The
Piranha package contains a backdoor account and password that
may allow a remote attacker access to the LVS web administration
tools. Attackers could then use these tools to cause the
interface to execute their commands against the server. With this
backdoor password, an attacker could potentially compromise the
web server and deface/destroy the entire web site.
The vulnerability is present even if the LVS service isn't in use
on the system. If the "piranha-gui" package is installed and the
password has not been changed by the administrator, the system is
vulnerable.
Solution:
Update the affected RPM packages by downloading and
installing the RPMs listed below. For each RPM, run:
root# rpm -Fvh <filename>
where <filename> is the name of the RPM.
[Note: You need only install EITHER the compiled RPM,
(*.i386.rpm) OR the source RPM, (*.src.rpm), NOT both.]
RPMs:
http://independence.seul.org/security/2000/rpms/piranha-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-0.4.13-1.i386.rpm
http://independence.seul.org/security/2000/rpms/piranha-docs-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-docs-0.4.13-1.i386.rpm
http://independence.seul.org/security/2000/rpms/piranha-gui-0.4.13-1.i386.rpm
ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4.13-1.i386.rpm
Source RPMs:
http://independence.seul.org/security/2000/rpms/piranha-0.4.13-1.src.rpm
Verification:
MD5 sum                          Package Name
- --------------------------------------------------------------------------
ece87b0ed6f01a87b954b980c115aec0 piranha-0.4.13-1.src.rpm
f2db6f165f21f93e9b724a94cd3fc595 piranha-0.4.13-1.i386.rpm
bd54eb595f2a535e52486e799715ce00 piranha-docs-0.4.13-1.i386.rpm
ad9fb552616a221db26b92b668211a30 piranha-gui-0.4.13-1.i386.rpm
- --------------------------------------------------------------------------
These packages are GPG signed by Red Hat, Inc. for security.
Their key is available at: http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg <filename>
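The MD5 comparison described above, as an added example that is not part of the original advisory: it reads the Verification table and checks whichever of the listed RPMs are present in a download directory. The function names and the directory argument are assumptions of this example, and it assumes `md5sum` from GNU coreutils is installed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are assumptions.

# Verification table copied from the advisory, including the
# PGP dash-escaped rule lines ("- ----").
ADVISORY_TABLE='MD5 sum Package Name
- --------------------------------------------------------------------------
ece87b0ed6f01a87b954b980c115aec0 piranha-0.4.13-1.src.rpm
f2db6f165f21f93e9b724a94cd3fc595 piranha-0.4.13-1.i386.rpm
bd54eb595f2a535e52486e799715ce00 piranha-docs-0.4.13-1.i386.rpm
ad9fb552616a221db26b92b668211a30 piranha-gui-0.4.13-1.i386.rpm
- --------------------------------------------------------------------------'

# Read advisory text on stdin, print "md5 filename" for each table row.
# The header and rule lines have the wrong shape and are dropped.
extract_sums() {
    awk 'NF == 2 && length($1) == 32 && $1 ~ /^[0-9a-f]+$/ && $2 ~ /\.rpm$/ {
        print $1, $2 }'
}

# check_rpms DIR [TABLE]: compare each listed package found in DIR with its
# published MD5. Packages not downloaded are skipped, since the advisory says
# to fetch either the binary or the source RPM. Succeeds only if at least one
# file was checked and none mismatched.
check_rpms() {
    dir=$1
    table=${2:-$ADVISORY_TABLE}
    checked=0
    bad=0
    while read -r want name; do
        [ -n "$name" ] || continue
        if [ ! -f "$dir/$name" ]; then
            echo "SKIP     $name (not present)"
            continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            bad=$((bad + 1))
        fi
    done <<EOF
$(printf '%s\n' "$table" | extract_sums)
EOF
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}
```

A match here shows only that the file is the one listed in this table, so the table itself has to come from a copy of the advisory whose PGP signature verified. The check that the package was signed by Red Hat remains `rpm --checksig <filename>`.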
This security advisory, and all future ones, should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83
An archive of these messages can currently be found on:
http://independence.seul.org/security/
[Note: This vulnerability was discovered by Allen Wilson of ISS]
.---------------------------------------------------.
| Any problems regarding this, or future advisories |
| should be emailed to me: <cog@seul.org>           |
`---------------------------------------------------'
-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN) <http://www.cognite.net/>
iD8DBQE5BMWYDdLNO0X6woMRAgYOAJ9IuK89k2YzjAR6qTDyuBJix39oxACffxPL
dmhqG9cyP5NDWrfhTRufu2g=
=bdcS
-----END PGP SIGNATURE-----