COMMAND

    Piranha

SYSTEMS AFFECTED

    Red Hat 6.2

PROBLEM

    Frostman found the following.  In the default install of Piranha
    on RH 6.2, the password file is world readable and encrypted with
    standard DES.  Hence any user with a shell account can download
    this password file and crack it, in turn giving them access to the
    Piranha configuration and probably more.

    If you want to change Piranha's passwd you can do it using the
    form... it's stupid... let's see:

        [arkth@localhost logs]$ pwd
        /etc/httpd/logs
        [arkth@localhost logs]$ ls -l access_log
        -rw-r--r--    1 root     root       526471 May 19 20:58 access_log
        [arkth@localhost logs]$ grep try1 access_log
        127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET /piranha/secure/passwd.php3?try1=xxx&try2=xxx&passwd=ACCEPT HTTP/1.0" 200 3120
        127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET /piranha/secure/passwd.php3?try1=yyy&try2=yyy&passwd=ACCEPT HTTP/1.0" 200 3120
        127.0.0.1 - piranha [19/May/2000:20:58:50 +0200] "GET /piranha/secure/passwd.php3?try1=arkth&try2=arkth&passwd=ACCEPT HTTP/1.0" 200 3120
        [arkth@localhost logs]$ _

    We can see here all the passwords (the last is the valid one) in
    plain ASCII...  (the first change was to "xxx", the second to
    "yyy", the third to "arkth").  On Red Hat, access_log is world
    readable by default.

SOLUTION

    Workaround?

        bash# chmod 640 /var/log/httpd/access_log
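
    An audit for the exposure described above, as an added example that
    is not part of the original advisory: it counts password changes
    logged through passwd.php3, checks the log's world-read bit, and
    masks the values.  The function names, the sample values and the
    /index.html line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit an Apache access log for
# passwords submitted to passwd.php3 via GET, and for world-readable mode.

# True when the "other" read bit is set (8th character of the ls mode string).
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Print how many requests carry a new password in the query string.
count_logged_passwords() {
    grep -c 'passwd\.php3?.*try1=' "$1" || true
}

# Print the log with the try1/try2 values masked, safe to share or archive.
redact_passwords() {
    sed -E 's/(try[12]=)[^& "]*/\1REDACTED/g' "$1"
}

# Exit status: 0 clean, 1 passwords logged, 2 logged and world readable.
audit_log() {
    n=$(count_logged_passwords "$1")
    if [ "$n" -gt 0 ] && world_readable "$1"; then
        echo "EXPOSED: $n password change(s), readable by any local user"
        return 2
    elif [ "$n" -gt 0 ]; then
        echo "LOGGED: $n password change(s), file not world readable"
        return 1
    fi
    echo "OK: no password changes logged"
}

# Constructed sample lines in the access_log format shown above.
write_sample_log() {
    cat > "$1" <<'EOF'
127.0.0.1 - piranha [19/May/2000:14:00:48 +0200] "GET /piranha/secure/passwd.php3?try1=sample-one&try2=sample-one&passwd=ACCEPT HTTP/1.0" 200 3120
127.0.0.1 - piranha [19/May/2000:14:01:03 +0200] "GET /piranha/secure/passwd.php3?try1=sample-two&try2=sample-two&passwd=ACCEPT HTTP/1.0" 200 3120
127.0.0.1 - piranha [19/May/2000:14:02:10 +0200] "GET /index.html HTTP/1.0" 200 2048
EOF
}

log=$(mktemp)
write_sample_log "$log"
chmod 644 "$log"; audit_log "$log" || true   # default mode: EXPOSED
chmod 640 "$log"; audit_log "$log" || true   # after the workaround: LOGGED
redact_passwords "$log"
rm -f "$log"
```

    After chmod 640 the audit still reports LOGGED: the passwords stay
    in the file in clear text for root and the log's group, so changing
    the password again and masking or rotating the old log closes the
    rest of the exposure.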