[Linux-aus] Root Password Readable in Clear Text with Ubuntu

James Purser purserj at k-sit.com
Mon Mar 13 21:04:01 UTC 2006


On Mon, 2006-03-13 at 23:23 +1030, Dale wrote:
> Hi all,
> 
> I thought this was worth a mention for people that use Ubuntu Breezy
> 
> http://it.slashdot.org/article.pl?sid=06/03/13/0525254&from=rss
> 
> <quote>
> Posted by Zonk  on Monday March 13, @12:34AM
> from the that's-a-big-oops dept.
> Security Linux
> BBitmaster writes "An extremely critical bug and security threat was
> discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on
> the Ubuntu Forums that allows anyone to read the root password simply
> by opening an installer log file. Apparently the installer fails to
> clean its log files and leaves them readable to all users. The bug has
> been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu
> users, be sure to get the patch right away."
> </quote>

It should also be mentioned that this does not affect those who
dist-upgraded from Hoary. Also the solution is pretty simple. Simply
remove the /var/log/installer/cdebconf/questions.dat file.
-- 
James Purser
Producer/Presenter - Linux Australia Update
http://k-sit.com - My Blog
http://la-pod.k-sit.com - Linux Australia Update Podcast,Blog and Forums
Skype: purserj1977
SIP: 736855 at fwd.pulver.com





More information about the linux-aus mailing list