Jump to content
Sign in to follow this  
anyweb

'Root' Password Readable in Clear Text on Ubuntu Breezy

Recommended Posts

for all you ubuntu users out there, please read the following and act accordingly

 

from:- http://www.osnews.com/story.php?news_id=13951

 

https://launchpad.net/distros/ubuntu/+bug/34606

 

A major, critical bug and possible security threat has been discovered in Ubuntu Breezy. Apparantly, the 'root' password (not actually the root password because Ubuntu uses sudo) gets written into the installer's log files in clear text, and can be read by any account on the Ubuntu machine. The bug was first discovered and reproduced on the Ubuntu forums. The bug does not seem to affect Dapper, however, users upgrading from Breezy to Dapper might still be at risk because the log files are not modified.

 

cheers

anyweb

Share this post


Link to post
Share on other sites

Quick and easy solution is to remove both files:

rm /var/log/installer/cdebconf/questions.dat
rm /var/log/debian-installer/cdebconf/questions.dat

 

.. nasty when files like that are left just around :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...