Technology Stocks : How high will Microsoft fly?
To: David R who wrote (43292)
4/24/2000 9:25:00 PM
From: Paul K
 
Linux open to backdoor password
Rogue account makes Red Hat's version vulnerable

By Bob Sullivan
MSNBC

April 24 - A team of Internet security researchers say they've found a serious security hole in the most popular distribution of the Linux operating system. According to Internet Security Systems Inc., there's a backdoor account in Red Hat's Linux that would let a computer intruder access and alter files on most computers running Red Hat's most recent version of Linux. But a spokesperson for Red Hat downplayed the flaw, saying few Red Hat users had been exposed to it.

THE BACKDOOR PASSWORD was discovered by researchers at Internet Security Systems last month; it has since been fixed by Red Hat, but any user running their most recent Linux distribution should download and install the fix, the company said.
The backdoor account and password is actually associated with Red Hat's Piranha product, a collection of utilities which simplify some common Webmasters' administration tasks. Armed with that backdoor username and password, a computer intruder can access the Piranha utilities, and then gain full access to the Web server. The intruder does not have full access to the entire network at that point, but this second step is often trivial, according to Chris Rouland, director of the Internet Security Systems research group which found the flaw.
'This is a very high risk,' he said. 'It gives people the same rights as the Web server itself. That means, for example, at an e-commerce site someone could connect to the customer databases connected to that Web server. And of course, it's wide open for defacement.'
Only Red Hat users who have installed the Piranha component are vulnerable. Rouland said that would include any Red Hat user who accepted the standard installation.

'Install all' can be a dangerous choice, Rouland said.
But Red Hat's Director of Clustering Technology, Mike Wangsmo, said Piranha is not installed by default, and relatively few Red Hat users have the component installed on their computers. Further, he disagreed with the description of the flaw as a backdoor. According to Wangsmo, there's only one legitimate user name for Piranha, that being 'piranha', and the password was accidentally set to 'Q' as default by Red Hat developers. A computer intruder who knew that could gain access to some Red Hat boxes, but only if the Webmaster had failed to reset the password during installation, a standard security practice.
'It's unfortunate but certainly not life-shattering,' he said. 'Someone who didn't reset their password is vulnerable.'
Rouland said 'X-force' researcher Allen Wilson discovered the backdoor in March during a standard review of Red Hat's Linux source code, which is freely available. The rogue user name and password were embedded in the code.
'Anybody else who's viewed the source code could have found the vulnerability and been exploiting it all along,' he said. 'This one was so easy to find I would think people would have found it and exploited it...I think people will figure it out very quickly.'
The updated Red Hat software can be downloaded from ftp://updates.redhat.com/6.2.

