-----BEGIN PGP SIGNED MESSAGE------ ---------------------------------------------------------------------                   Red Hat, Inc. Security Advisory

Synopsis:          Piranha web GUI exposure
Advisory ID:       RHSA-2000:014-16
Issue date:        2000-04-18
Updated on:        2000-04-26
Product:           Red Hat Linux
Keywords:          piranha
Cross references:  php
- ---------------------------------------------------------------------1. Topic:

The GUI portion of Piranha may allow any remote attacker to execute
commands on the server. This may allow a remote attacker to launch
additional exploits against a web site from inside the web server.

This is an updated release that disables Piranha's web GUI interface
unless the site administrator enables it explicitly.

2. Relevant releases/architectures:

Red Hat Linux 6.2 - i386 alpha sparc

3. Problem description:

When Piranha is installed, it generates a 'secure' web interface ID using
the HTML .htaccess method. The information for the account is placed in
/home/httpd/html/piranha/secure/passwords which was supposed to be
released with a blank password. Unfortunately, the password that is
actually on the CD is 'Q'.

The original intent was that, when the administrator installed Piranha
rpms onto their box, that they would change the default blank password to
a password of their own choosing.

This is not a hidden account. Its only use is to protect the web pages
from unauthorized access.

The security problem arises from the
 file. It is possible to
execute commands by entering 'blah;some-command' into the password fields.
Everything after the semicolon is executed with the same privilege as the
webserver.

Because of this, it is possible to compromise the webserver or do serious
damage to files on the site that are owned by the user 'nobody' or to
export a shell using xterm.

Updated piranha packages released as version 0.14.3-1 fixed the security
vulnerability while still require for the default behavior of requiring
the web administrator to reset the password before making the web site
public.

Because of the security concerns from the community and in order to
protect innocent administrators that might not be aware of the need to
change the password for Piranha's interface before going live on the
Internet, Red Hat is releasing a new set of packages that disable the
piranha web interface by default. The site administrator will have to
enable the service from the command line by resetting the password as
detailed on the main page of the piranha utility.

The new packages that include these changes are known as version
piranha-0.4.14-1.

Users of Red Hat Linux 6.2 are strongly encouraged to upgrade to the new
packages if they are actively using piranha on their system (upgrade
instructions follow) or to remove the piranha-gui package altogether by
issuing the following command:

rpm -e piranha-gui

4. Solution:

For each RPM for your particular architecture, run:

rpm -Fvh [filename]

where filename is the name of the RPM.

When you install the update for the piranha-gui, please take a moment to
review the instructions presented on the following URL
(). This should guide you through the process of
installing a password for use with the GUI.

5. Bug IDs fixed ( for more info):

N/A

6. Obsoleted by:

N/A

7. Conflicts with:

N/A

8. RPMs required:


Red Hat Linux 6.2:

intel:

alpha:

sparc:

sources:


9. Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------7c9cad243857f3e90cb73457619ad3a0  6.2/SRPMS/piranha-0.4.14-1.src.rpm
179e502f88f149fe3bfb285af851a6d3  6.2/alpha/piranha-0.4.14-1.alpha.rpm
881622bc6403c2af38834c0deaf05d44  6.2/alpha/piranha-docs-0.4.14-1.alpha.rpm
7ffc63ec6f236afc0b19298ec29e6774  6.2/alpha/piranha-gui-0.4.14-1.alpha.rpm
1e04357c0ebb004185b834152667c644  6.2/i386/piranha-0.4.14-1.i386.rpm
5b6649f14979e1b2fbdb763d88e9a3ac  6.2/i386/piranha-docs-0.4.14-1.i386.rpm
1a49816f280dc7a9b83ba9bab42a247f  6.2/i386/piranha-gui-0.4.14-1.i386.rpm
4153b861f030a17745463c1749732b58  6.2/sparc/piranha-0.4.14-1.sparc.rpm
dc964993d9a3b6c967e5c4455bc24221  6.2/sparc/piranha-docs-0.4.14-1.sparc.rpm
97071e07e2f34fecf80ba48f61e70ba6  6.2/sparc/piranha-gui-0.4.14-1.sparc.rpm


These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    
You can verify each package with the following command:
    rpm --checksig  

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg 

10. References:

This vulnerability was discovered and researched by Allen Wilson and Dan
Ingevaldson of Internet Security Systems. Red Hat would like to thank ISS
for the assistance in getting this problem fixed quickly.

Cristian
- --- ----------------------------------------------------------------------Cristian Gafton     --     gafton@RedHat.com      --     Red Hat, Inc.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  "How could this be a problem in a country where we have Intel and 
   Microsoft?"  --Al Gore on Y2K


-----BEGIN PGP SIGNATURE-----Version: 2.6.2

iQCVAwUBOQeN/fGvxKXU9NkBAQE7LwP/QnZL0RAfs5odNDee0htT3pxp8IxefuzY
jg8aedrbqkbZHzUflaGsFZN1KlXXwpelQ1kO9ro2YAewDvOVRgUFZyEM0gOIRpaJ
mAK3cgQageGG09Gg58X+Ov+3AD64R89ufv30YFakrblRYYCLmvZRn4e2zE97DgZM
Qk5LS0w9ZoM=lrT3
-----END PGP SIGNATURE-----

RedHat 6.2: UPDATED: Piranha web GUI exposure

The GUI portion of Piranha may allow any remote attacker to execute commands on the server.

Summary



Summary

When Piranha is installed, it generates a 'secure' web interface ID using the HTML .htaccess method. The information for the account is placed in /home/httpd/html/piranha/secure/passwords which was supposed to be released with a blank password. Unfortunately, the password that is actually on the CD is 'Q'. The original intent was that, when the administrator installed Piranha rpms onto their box, that they would change the default blank password to a password of their own choosing. This is not a hidden account. Its only use is to protect the web pages from unauthorized access. The security problem arises from the file. It is possible to execute commands by entering 'blah;some-command' into the password fields. Everything after the semicolon is executed with the same privilege as the webserver. Because of this, it is possible to compromise the webserver or do serious damage to files on the site that are owned by the user 'nobody' or to export a shell using xterm. Updated piranha packages released as version 0.14.3-1 fixed the security vulnerability while still require for the default behavior of requiring the web administrator to reset the password before making the web site public. Because of the security concerns from the community and in order to protect innocent administrators that might not be aware of the need to change the password for Piranha's interface before going live on the Internet, Red Hat is releasing a new set of packages that disable the piranha web interface by default. The site administrator will have to enable the service from the command line by resetting the password as detailed on the main page of the piranha utility. The new packages that include these changes are known as version piranha-0.4.14-1. Users of Red Hat Linux 6.2 are strongly encouraged to upgrade to the new packages if they are actively using piranha on their system (upgrade instructions follow) or to remove the piranha-gui package altogether by issuing the following command: rpm -e piranha-gui


Solution

For each RPM for your particular architecture, run:
rpm -Fvh [filename]
where filename is the name of the RPM.
When you install the update for the piranha-gui, please take a moment to review the instructions presented on the following URL (). This should guide you through the process of installing a password for use with the GUI.
5. Bug IDs fixed ( for more info):
N/A
6. Obsoleted by:
N/A
7. Conflicts with:
N/A
8. RPMs required:

Red Hat Linux 6.2:
intel:
alpha:
sparc:
sources:

9. Verification:
MD5 sum Package Name 179e502f88f149fe3bfb285af851a6d3 6.2/alpha/piranha-0.4.14-1.alpha.rpm 881622bc6403c2af38834c0deaf05d44 6.2/alpha/piranha-docs-0.4.14-1.alpha.rpm 7ffc63ec6f236afc0b19298ec29e6774 6.2/alpha/piranha-gui-0.4.14-1.alpha.rpm 1e04357c0ebb004185b834152667c644 6.2/i386/piranha-0.4.14-1.i386.rpm 5b6649f14979e1b2fbdb763d88e9a3ac 6.2/i386/piranha-docs-0.4.14-1.i386.rpm 1a49816f280dc7a9b83ba9bab42a247f 6.2/i386/piranha-gui-0.4.14-1.i386.rpm 4153b861f030a17745463c1749732b58 6.2/sparc/piranha-0.4.14-1.sparc.rpm dc964993d9a3b6c967e5c4455bc24221 6.2/sparc/piranha-docs-0.4.14-1.sparc.rpm 97071e07e2f34fecf80ba48f61e70ba6 6.2/sparc/piranha-gui-0.4.14-1.sparc.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key is available at:
You can verify each package with the following command: rpm --checksig
If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nogpg

References

This vulnerability was discovered and researched by Allen Wilson and Dan Ingevaldson of Internet Security Systems. Red Hat would like to thank ISS for the assistance in getting this problem fixed quickly. Cristian ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "How could this be a problem in a country where we have Intel and Microsoft?" --Al Gore on Y2K -----BEGIN PGP SIGNATURE-----Version: 2.6.2 iQCVAwUBOQeN/fGvxKXU9NkBAQE7LwP/QnZL0RAfs5odNDee0htT3pxp8IxefuzY jg8aedrbqkbZHzUflaGsFZN1KlXXwpelQ1kO9ro2YAewDvOVRgUFZyEM0gOIRpaJ mAK3cgQageGG09Gg58X+Ov+3AD64R89ufv30YFakrblRYYCLmvZRn4e2zE97DgZM Qk5LS0w9ZoM=lrT3 -----END PGP SIGNATURE-----

Package List


Severity
Advisory ID: RHSA-2000:014-16
Issued Date: : 2000-04-18
Updated on: 2000-04-26
Product: Red Hat Linux
Keywords: piranha
Cross references: php
The GUI portion of Piranha may allow any remote attacker to execute
commands on the server. This may allow a remote attacker to launch
additional exploits against a web site from inside the web server.
This is an updated release that disables Piranha's web GUI interface
unless the site administrator enables it explicitly.

Topic


Topic


 

Relevant Releases Architectures

Red Hat Linux 6.2 - i386 alpha sparc


Bugs Fixed


Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved