[TriLUG] Ubuntu - great security - you'll love this

Tanner Lovelace clubjuggler at gmail.com
Mon Mar 13 10:41:43 EST 2006


On 3/13/06, Aaron S. Joyner <aaron at joyner.ws> wrote:
> Note that this is the first user created during the install, in a
> non-expert install.  That user is granted sudo privs, so having that
> user's password is just as bad as having root, presuming it hasn't been
> changed since install (which in the case of your average grandma, it
> most likely hasn't).  Note, I haven't researched this thoroughly nor
> have I ever installed Ubuntu, this is just what I gleaned from some
> security mailing list traffic I was reading earlier today.  Take with a
> grain of salt and do your own research if you're in the unfortunate
> position of running Ubuntu at the moment.

>From what I've read, this only seems to affect Ubuntu Breezy and
not previous or later releases.  It would also affect Dapper installations
that have upgraded from Breezy.  Upgrading the passwd package
(which should be in the normal updates, I assume) will fix the problem.
(All of which was mentioned in the link Dan posted.)

Cheers,
Tanner
--
Tanner Lovelace
clubjuggler at gmail dot com
http://wtl.wayfarer.org/
(fieldless) In fess two roundels in pale, a billet fesswise and an
increscent, all sable.



More information about the TriLUG mailing list