CVE
- Id
- 1826
- CVE No.
- CVE-2000-0248
- Status
- Candidate
- Description
- The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
- Phase
- Modified (20070924)
- Votes
- ACCEPT(3) Baker, Cole, Levy | MODIFY(1) Frech | NOOP(2) Christey, Wall | REJECT(1) Cox
- Comments
- Christey> Typo fix: change "passowrd" to "password" | ADDREF BID:1148 | ADDREF URL:http://www.securityfocus.com/bid/1148 | Christey> ADDREF XF:piranha-default-password | Frech> XF:piranha-default-password | In description, passowrd should be password. | Cox> The "execute arbitrary commands" part is a separate vulnerability, already assigned CVE-2000-0322. The package was designed to have no password on installation, so "backdoor" does not apply. When users install Piranha they are expected to add a password to the web administration GUI, it's a documented part of the procedure. "The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package installs with a default password" is accurate if it qualifies as an exposure. | Christey> BUGTRAQ:20000425 piranha default password/exploit | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95668829621268&w=2 | Default accounts/passwords need to be accounted for in CVE, but the question is what level of abstraction to use - a separate CVE for each password, or one CVE for all passwords, or somewhere in the middle? That is the crux of CD:CF-PASS.