piranha/secure/passwd.php3:
Piranha is a utility which comes with Red Hat Linux for administering the
Linux Virtual Server. It comes with a default backdoor password which
could allow unauthorized access to the Graphical User Interface (GUI).
By exploiting vulnerabilities in the tools that come with the GUI, an
attacker who knows the backdoor password could execute arbitrary commands
on the server. Any server which has piranha-gui 0.4.12 installed, which
is the default for Red Hat 6.2, is vulnerable.
cart32.exe:
This program is part of Cart 32, an E-Commerce Shopping Cart application.
By default, it has a backdoor password of "wemilo". An attacker who
knows this password could view a list of client passwords using an
undocumented URL such as http://hostname/scripts/cart32.exe/cart32clientlist.
The hashed client passwords could be used to execute arbitrary commands
on the server using a specially crafted URL.
cart32.exe:
Using a hex editor, change the backdoor password (found at 0x6204h)
to something else. Also change the permissions on c32web.exe
so that it is only accessible by administrators. This will prevent
unauthorized users from executing arbitrary commands using a specially
crafted URL. Alternatively, apply the patch developed by
L0pht.
cart32.exe:
See the
Cerberus Advisory.