Bugtraq mailing list archives

Piranha password file

From: frostman () SECUREACCESS INTRANETS COM (frostman () SECUREACCESS INTRANETS COM)
Date: Fri, 2 Jun 2000 12:29:38 -0700


Looking at the default install of Piranha on RH 6.2 the password file is world readable and encrypted with standard 
DES. Hence any user with a shell account can download this password file and crack it in turn giving them access to the 
Piranha configuration and probably more. I'm still testing to see what else can be gained. I looked over the previous 
advisories on your site and Red Hat's and this wasn't mentioned.

_________________________________________________________________
Get your own free, private space on the Web at www.intranets.com.

Current thread:

Re: IBM HTTP SERVER / APACHE typo () INFERNO TUSCULUM EDU (Jun 01)
- <Possible follow-ups>
- Re: IBM HTTP SERVER / APACHE H D Moore (Jun 01)
  - Re: IBM HTTP SERVER / APACHE Luke Harless (Jun 01)
  - Security Administration comes to LISA 2000 Cat Okita (Jun 01)
  - Remote DoS attack in RealServer: USSR-2000043 David Cotter (Jun 01)
  - ipx storm Jacek Lipkowski (Jun 02)
  - Microsoft Security Bulletin (MS00-032) Microsoft Product Security (Jun 02)
  - Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Ussr Labs (Aug 02)
    - Piranha password file frostman () SECUREACCESS INTRANETS COM (Jun 02)
    - Re: Piranha password file arkth (Jun 08)
    - Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Alfred Perlstein (Jun 02)
    - New Allaire Security Zone Bulletins Aleph One (Jun 08)
- Re: IBM HTTP SERVER / APACHE . Hecix (Jun 02)
- Re: IBM HTTP SERVER / APACHE Marc Slemko (Jun 03)