[TriLUG] Ubuntu - great security - you'll love this
Matt Nash
mattnash at intrex.net
Mon Mar 13 09:15:14 EST 2006
In the Ubuntu install, the root user is disabled by default. Only
during an expert install would you specify a root password and enable
the account. Presumably, expert grandmas would also keep up with updates.
Matt
Jason Faulkner wrote:
>I'm not trying to bash, but this isn't a vulnerability that's just "fixed".
>
>There are thousands of ubuntu installs that now have root passwords in
>their installerlogs. For a "grandma" user, which most people point
>toward ubuntu nowadays, they're clueless about it, and now their boxes
>are setup to be screwed over just any shell exploit.
>
>--Jay
>
>On 3/13/06, crimsun at fungus.sh.nu <crimsun at fungus.sh.nu> wrote:
>
>
>>On Mon, Mar 13, 2006 at 07:04:06AM -0500, Magnus wrote:
>>
>>
>>>The root password from the first user registred by Breezy can be found by
>>>any user by reading the file /var/log/installer/cdebconf/questions.dat
>>>
>>>
>>Pretty ugly. And of course, fixed [0].
>>
>>[0] http://www.ubuntu.com/usn/usn-262-1
>>
>>
>
>
>--
>Jason Faulkner
>------------------------
>OldOs.org Owner/Admin //
>OpenDocument Fellowship Sysadmin
>
>
More information about the TriLUG
mailing list