Ubuntu critical security bug

der.hans PLUGd at LuftHans.com
Tue Mar 14 12:31:01 MST 2006


Am 13. Mar, 2006 schwätzte Josh Zeidner so:

> Run a package update immediately... ( usually as a rule I do not post anything
> that has been featured on /. )
>
> https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606
>
> http://www.ubuntu.com/usn/usn-262-1

It seems to me that the simple fix for this is to just change the password
for the first account created.

Bug as I understand it:

During install of official Breezy[0] the passwd given for the first user
account gets stored in plain text readable by anyone on the machine.

This is a problem because the first user account created automagically
gets sudo access and can become root. Root still has no passwd and one
cannot just login as root.

In order to exploit this the passwd needs to have not been changed and the
exploiter needs to already be on the box. The exploiter could then login
as the first user created on that box and then sudo to root.

I see 2 ways to fix this without an upgrade:

1. change the passwd for the first user created[1]
2. remove the entries from /var/log/installer/cdebconf/questions.dat[2]


[0] so doesn't affect installs of Breezy beta or upgrades from Hoary or
Breezy beta

[1] if changing the passwd isn't sufficient someone's already broken in
and the machine needs to be reinstalled[3]

[2] removing the file is one way of removing the entries

[3] don't forget to change the passwd before allowing anyone else on the
machine ;-)

ciao,

der.hans
-- 
#  https://www.LuftHans.com/        http://www.CiscoLearning.org/
#  Join the League of Professional System Administrators! https://LOPSA.org/
#  Molotov Bible - religion thrown at other people in order to cause an
#  explosive situation - der.hans


More information about the PLUG-discuss mailing list