Massive Security Hole In Ubuntu

Published 2006-03-12. Read 2,591 times. Comments. Tagged: linux security ubuntu

I’ve just been informed of this absolutely massive security hole in Ubuntu that allows any user to grab any passwords that were set during setup because they’re stored in a log file for later helping users if they bump into problems. The original thread.

There is a file that contains all the installation logs :
/var/log/installer/cdebconf/questions.dat
In this file, there is all the questions asked to the user abd all the user’s answers.

So, near the end of the file, we can find the user created during the installation… and its password (not hidden).

Then, tell me if I’m wrong :
_ in the normal installation mode, the user created can get the root privileges with sudo
_ in the expert mode, there is a root account created

In both case, it’s possible to get an administrator username/password.

Moreover, this file can be read by all users (contrary to the syslog).

The fastest way to fix this is to just change your password as the only passwords in this log are the ones set through setup (not subsequently). If you made a lot of accounts at setup, then you might find it easier to delve into the file with vi and nuke them all from the log directly.

About Oli: I’m a Django and Python programmer, occasional designer, Ubuntu member, Ask Ubuntu moderator and technical blogger. I occasionally like to rant about subjects I should probably learn more about but I usually mean well.

Stay updated: Subscribe by RSS or Subscribe by Email.