[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Linux-aus] Root Password Readable in Clear Text with Ubuntu
On Mon, 2006-03-13 at 23:23 +1030, Dale wrote:
> Hi all,
>
> I thought this was worth a mention for people that use Ubuntu Breezy
>
> http://it.slashdot.org/article.pl?sid=06/03/13/0525254&from=rss
>
> <quote>
> Posted by Zonk on Monday March 13, @12:34AM
> from the that's-a-big-oops dept.
> Security Linux
> BBitmaster writes "An extremely critical bug and security threat was
> discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on
> the Ubuntu Forums that allows anyone to read the root password simply
> by opening an installer log file. Apparently the installer fails to
> clean its log files and leaves them readable to all users. The bug has
> been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu
> users, be sure to get the patch right away."
> </quote>
It should also be mentioned that this does not affect those who
dist-upgraded from Hoary. Also the solution is pretty simple. Simply
remove the /var/log/installer/cdebconf/questions.dat file.
--
James Purser
Producer/Presenter - Linux Australia Update
http://k-sit.com - My Blog
http://la-pod.k-sit.com - Linux Australia Update Podcast,Blog and Forums
Skype: purserj1977
SIP: 736855@fwd.pulver.com