Bugtraq mailing list archives
Re: piranha default password/exploit
From: msw () REDHAT COM (Matt Wilson)
Date: Thu, 27 Apr 2000 00:26:11 -0400
On Tue, Apr 25, 2000 at 06:36:52PM -0700, CDI wrote:
OK, so they've fixed the poorly thought out system call that led to this compromise, but I'd suggest a change to the RPM spec file for the next build. Something like this should work? (Philip?) - force them to set a password during the installation process...
Sorry, interactive RPMS are not supported at all. If you were to do this, the installer would hang during the installation of the piranha package, waiting for input on a virtual console that the user will never see. We prefer to leave web administration interfaces such as piranha and linuxconf disabled by default. The latest package of piranha (piranha-0.4.14-1.i386.rpm) disables the web interface until enabled by the system administrator. Matt -- msw () redhat com Installer Developer OS Development, Red Hat Inc.
Current thread:
- Re: Alert: Cart32 secret password backdoor (CISADV000427), (continued)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Bill Borton (Apr 28)
- Re: Alert: Cart32 secret password backdoor (CISADV000427) Knud Erik Højgaard (Mar 30)
- Re: Solaris 7 x86 lpset exploit. Jor (Apr 27)
- Re: Solaris 7 x86 lpset exploit. Casper Dik (Apr 28)
- Re: piranha default password/exploit Cristian Gafton (Apr 25)
- Re: piranha default password/exploit CDI (Apr 25)
- Re: piranha default password/exploit Matt Wilson (Apr 26)
- fingerd Psarras Nikos (Apr 27)
- Re: fingerd Brock Sides (Apr 27)
- Re: fingerd Jeremy Rauch (Apr 27)
- Cartfix Secret Backdoor Patch tool for cart32 Weld Pond (Apr 27)
- Re: ISS Security Advisory: Backdoor Password in Red Hat Linux Virtual Server Package Cristian Gafton (Apr 25)