Linked by Thom Holwerda on Sun 12th Mar 2006 20:46 UTC, submitted by lotusleaf
A major, critical bug and possible security threat has been discovered in Ubuntu Breezy. Apparently, the 'root' password (not actually the root password because Ubuntu uses sudo) gets written into the installer's log files in clear text, and can be read by any account on the Ubuntu machine. The bug was first discovered and reproduced on the Ubuntu forums. The bug does not seem to affect Dapper, however, users upgrading from Breezy to Dapper might still be at risk because the log files are not modified. Update: Bug is fixed. Please upgrade.
Thread beginning with comment 103945
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[8]: Cue the peanut gallery
by Tom K on Mon 13th Mar 2006 10:00
in reply to "RE[7]: Cue the peanut gallery"
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-06-29
This flaw can't be used to break in. It's a clear cut priviledge escalation issue, break ins are another matter.
This is more like inviting your neighbor over and him then snatching the deed to your house from under your nose. Where a breakin would be someone cutting/breaking the window and stealing things.
You'll notice my analogy made the breakin easier to detect and the damage much easier to find. He also got less, the neighbor got your whole house by some impossibility of law.
Once again. If you are already a user on the machine you can't break into it. You're already in it!