Ubuntu critical security bug
Josh Zeidner
jjzeidner at gmail.com
Wed Mar 15 12:37:35 MST 2006
Hello Hans,
WARNING: You have greatly exceeded the critical attention threshold of 90%
of Ubuntu users. I could do as you indicate, or I could press the apt-get
update button. Plus a get a reassuring 'bling' noise that reminds me that
the universe is once again at peace. JMZ
On Tuesday 14 March 2006 12:31, der.hans wrote:
> Am 13. Mar, 2006 schwätzte Josh Zeidner so:
> > Run a package update immediately... ( usually as a rule I do not post
> > anything that has been featured on /. )
> >
> > https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
> >
> > http://www.ubuntu.com/usn/usn-262-1
>
> It seems to me that the simple fix for this is to just change the password
> for the first account created.
>
> Bug as I understand it:
>
> During install of official Breezy[0] the passwd given for the first user
> account gets stored in plain text readable by anyone on the machine.
>
> This is a problem because the first user account created automagically
> gets sudo access and can become root. Root still has no passwd and one
> cannot just login as root.
>
> In order to exploit this the passwd needs to have not been changed and the
> exploiter needs to already be on the box. The exploiter could then login
> as the first user created on that box and then sudo to root.
>
> I see 2 ways to fix this without an upgrade:
>
> 1. change the passwd for the first user created[1]
> 2. remove the entries from /var/log/installer/cdebconf/questions.dat[2]
>
>
> [0] so doesn't affect installs of Breezy beta or upgrades from Hoary or
> Breezy beta
>
> [1] if changing the passwd isn't sufficient someone's already broken in
> and the machine needs to be reinstalled[3]
>
> [2] removing the file is one way of removing the entries
>
> [3] don't forget to change the passwd before allowing anyone else on the
> machine ;-)
>
> ciao,
>
> der.hans
More information about the PLUG-discuss
mailing list