Backdoor Found in Red Hat Linux

It appears that Microsoft Windows is not the only operating system on the market that has a backdoor for those users who know the magic words. While Red Hat officials downplayed its seriousness, a team at Internet Security Systems, Inc. reports the security hole allows an intruder to access and modify files on systems running the most recent version of Red Hat Linux.

According to the reports, the first hole is associated with the set of Web administration utilities called "Piranha," and allows a malicious user to run the utilities on any Red Hat-run Web site from any Web browser.

The second, and more serious of the two, gives a user the ability to use the "Change Password" command to change the password and add an extra line of code that can execute any function the server itself can perform. Using this, the malicious user could gain full control of the server, and perform various actions within that system.

Only those users with Red Hat Piranha are vulnerable, although the utilities do not have to be used for the security risk to occur. The Internet Security Systems, Inc. researchers recommend users of Red Hat download and install the patch immediately.

Red Hat officials have denied the seriousness of the flaw, saying that the vulnerability only affects servers where the default name of Piranha and the password (accidentally set by Red Hat developers) are known by the intruder. Officials also refute the hole as a "backdoor" into systems, but security experts stress that the flaw is serious.

You can download the patch here to update your system and remove the vulnerabilities.