linux user group brescia


Mailing list archive

RH bug

Luca Giuzzi giuzzi a dmf.bs.unicatt.it
Tue 25 Apr 2000 17:00:55 UTC
> From owner-bugtraq a SECURITYFOCUS.COM  Tue Apr 25 18:44:33 2000
> Approved-By: aleph1 a SECURITYFOCUS.COM
> Delivered-To: bugtraq a lists.securityfocus.com
> Delivered-To: BUGTRAQ a SECURITYFOCUS.COM
> X-Sender: gafton a alien.devel.redhat.com
> Approved: ewt a redhat.com
> MIME-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Reply-To: Cristian Gafton <gafton a REDHAT.COM>
> Sender: Bugtraq List <BUGTRAQ a SECURITYFOCUS.COM>
> Subject:      SECURITY: [RHSA-2000:014-10] Updated piranha packages available
> X-To:         redhat-watch-list a redhat.com
> X-cc:         Linux Security <linux-security a redhat.com>,
>               BUGTRAQ a SECURITYFOCUS.COM
> To: BUGTRAQ a SECURITYFOCUS.COM
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> - ---------------------------------------------------------------------
>                    Red Hat, Inc. Security Advisory
>
> Synopsis:          Piranha web GUI exposure
> Advisory ID:       RHSA-2000:014-10
> Issue date:        2000-04-18
> Updated on:        2000-04-24
> Product:           Red Hat Linux
> Keywords:          piranha remote CGI command
> Cross references:  php
> - ---------------------------------------------------------------------
>
> 1. Topic:
>
> The GUI portion of Piranha may allow any remote attacker to execute
> commands on the server. This may lead to remote compromise of the server,
> as well as exposure or defacement of the website.
>
> 2. Relevant releases/architectures:
>
> Red Hat Linux 6.2 - i386 alpha sparc
>
> 3. Problem description:
>
> Piranha when it is installed generates a 'secure' web interface ID using
> the HTML .htaccess method. The information for the account is placed in
> /home/httpd/html/piranha/secure/passwords which was supposed to be
> released with a blank password. In fact the password that is actually on
> the CD is either 'q' or 'piranha'. It was intended that when the
> administrator loaded the piranha package onto their box, that it was their
> responsibility to change that password. This is not a hidden account. It is
> merely used to protect the web pages from unauthorized access. The
> security problem arises from the
> /home/httpd/html/piranha/secure/passwd.php3 file from which it is possible
> to execute commands by inserting them into the change password option eg
> entering 'blah;/bin/command to execute' into the field, and again to
> verify, everything after the semicolon is executed with the same privilege
> as the webserver. It is possible at this point to compromise the webserver
> or do serious damage to the site.
>
> 4. Solution:
>
> For each RPM for your particular architecture, run:
>
> rpm -Fvh [filename]
>
> where filename is the name of the RPM.
>
> Temporarily, you should set a password on the web pages, as should be done
> when you first install the package. For the sake of speed you can issue the
> following command:
>
>     htpasswd -c -b /home/httpd/html/piranha/secure/passwords piranha 'password of choice'
>
> In theory, this means only you have access to
> that area and you are hardly likely to try and exploit the problem
> yourself.
>
> When you install the update for the piranha-gui, please take a moment to
> log in to the gui frontend and set a password on the account
> (http://localhost/piranha)
>
> 5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):
>
> N/A
>
> 6. Obsoleted by:
>
> N/A
>
> 7. Conflicts with:
>
> N/A
>
> 8. RPMs required:
>
>
> Red Hat Linux 6.2:
>
> intel:
> ftp://updates.redhat.com/6.2/i386/piranha-0.4.13-1.i386.rpm
> ftp://updates.redhat.com/6.2/i386/piranha-docs-0.4.13-1.i386.rpm
> ftp://updates.redhat.com/6.2/i386/piranha-gui-0.4.13-1.i386.rpm
>
> alpha:
> ftp://updates.redhat.com/6.2/alpha/piranha-0.4.13-1.alpha.rpm
> ftp://updates.redhat.com/6.2/alpha/piranha-docs-0.4.13-1.alpha.rpm
> ftp://updates.redhat.com/6.2/alpha/piranha-gui-0.4.13-1.alpha.rpm
>
> sparc:
> ftp://updates.redhat.com/6.2/sparc/piranha-0.4.13-1.sparc.rpm
> ftp://updates.redhat.com/6.2/sparc/piranha-docs-0.4.13-1.sparc.rpm
> ftp://updates.redhat.com/6.2/sparc/piranha-gui-0.4.13-1.sparc.rpm
>
> sources:
> ftp://updates.redhat.com/6.2/SRPMS/piranha-0.4.13-1.src.rpm
>
>
> 9. Verification:
>
> MD5 sum                           Package Name
> - --------------------------------------------------------------------------
> ece87b0ed6f01a87b954b980c115aec0  6.2/SRPMS/piranha-0.4.13-1.src.rpm
> 985ff7d09172f4bfcc17c8044bee7fe8  6.2/alpha/piranha-0.4.13-1.alpha.rpm
> 9804348b4dc73ab82a7624c404afb930  6.2/alpha/piranha-docs-0.4.13-1.alpha.rpm
> c1e536a9d14422115a89d2d56bf93926  6.2/alpha/piranha-gui-0.4.13-1.alpha.rpm
> f2db6f165f21f93e9b724a94cd3fc595  6.2/i386/piranha-0.4.13-1.i386.rpm
> bd54eb595f2a535e52486e799715ce00  6.2/i386/piranha-docs-0.4.13-1.i386.rpm
> ad9fb552616a221db26b92b668211a30  6.2/i386/piranha-gui-0.4.13-1.i386.rpm
> b9cb5cddd6e0cd99fc47eb56a06319a0  6.2/sparc/piranha-0.4.13-1.sparc.rpm
> 98313aa873dffe9c0520e3ad4862f2f5  6.2/sparc/piranha-docs-0.4.13-1.sparc.rpm
> 06cdba77a7f128e48a7c3d15c0cf9bcc  6.2/sparc/piranha-gui-0.4.13-1.sparc.rpm
>
>
> These packages are GPG signed by Red Hat, Inc. for security.  Our key
> is available at:
>     http://www.redhat.com/corp/contact.html
>
> You can verify each package with the following command:
>     rpm --checksig  <filename>
>
> If you only wish to verify that each package has not been corrupted or
> tampered with, examine only the md5sum with the following command:
>     rpm --checksig --nogpg <filename>
>
> 10. References:
>
> This vulnerability was discovered and researched by Allen Wilson and Dan
> Ingevaldson of Internet Security Systems. Red Hat would like to thank ISS
> for the assistance in getting this problem fixed quickly.
>
> Cristian
> - --
> - ----------------------------------------------------------------------
> Cristian Gafton     --     gafton a redhat.com      --     Red Hat, Inc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>   "How could this be a problem in a country where we have Intel and
>    Microsoft?"  --Al Gore on Y2K
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
>
> -----END PGP SIGNATURE-----
>
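
The failure mode described in section 3 of the advisory, as an added example that is not part of the original message or of Piranha's code: it assumes passwd.php3 pasted the form field into an `htpasswd` shell command line, then shows how a shell splits that string and how an argument vector avoids the split. The function names are hypothetical; the path, account name and sample input are the ones quoted in the advisory.

```python
import shlex
import subprocess

# Path and account name as given in the advisory.
PASSWORDS_FILE = "/home/httpd/html/piranha/secure/passwords"
ACCOUNT = "piranha"
SEPARATORS = {";", "&", "&&", "|", "||"}


def shell_command_line(new_password, quote=False):
    """Assumed vulnerable pattern: form input pasted into a shell string.
    With quote=True the value is escaped with shlex.quote() first."""
    value = shlex.quote(new_password) if quote else new_password
    return "htpasswd -b %s %s %s" % (PASSWORDS_FILE, ACCOUNT, value)


def commands_seen_by_shell(command_line):
    """Approximate the commands a POSIX shell would run; nothing is executed."""
    # posix=False keeps the quote characters on quoted tokens, so a quoted
    # ';' is never mistaken for a command separator.
    lexer = shlex.shlex(command_line, posix=False, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in SEPARATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def htpasswd_argv(new_password):
    """Hardened form: an argument vector handed to exec, never to a shell."""
    if not new_password or any(ord(ch) < 0x20 for ch in new_password):
        raise ValueError("empty password or control character")
    return ["htpasswd", "-b", PASSWORDS_FILE, ACCOUNT, new_password]


def set_password(new_password):
    """Run htpasswd without a shell (a list argv with the default shell=False)."""
    subprocess.run(htpasswd_argv(new_password), check=True)


if __name__ == "__main__":
    field = "blah;/bin/command to execute"  # form input quoted in the advisory
    print(commands_seen_by_shell(shell_command_line(field)))
    print(commands_seen_by_shell(shell_command_line(field, quote=True)))
    print(htpasswd_argv(field))
```

Unquoted, the shell sees two commands; quoted or passed as an argument vector, the whole field stays a single password argument.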


