Admin password readable by any user in “Breezy” (Ubuntu)
D’oh! Bug #34606 says it all! This is bad, bad, bad. Wow, what an oversight!
I’m currently running Ubuntu, kernel 2.6.12-10-386 on my single user desktop. Let’s see how I do…
gabe@office:~$ sudo grep MyPassword /var/log/* -R
/var/log/debian-installer/cdebconf/questions.dat:Value: MyPassword
/var/log/installer/cdebconf/questions.dat:Value: MyPassword
Ouch, Ouch, Ouch! The admin’s password in PLAIN TEXT! Oh, this is embarrassing for Ubuntu! It gets worse still. Check out the permissions on the file:
gabe@office:~$ ll /var/log/debian-installer/cdebconf/questions.dat
-rw-r--r-- 1 root root 62118 2006-02-17 08:33 /var/log/debian-installer/cdebconf/questions.dat
gabe@office:~$ ll /var/log/installer/cdebconf/questions.dat
-rw-r--r-- 1 root root 62118 2006-02-17 08:33 /var/log/installer/cdebconf/questions.dat
That’s right, world readable. Doesn’t get much worse than that. Well, it’s only locally exploitable. Little consolation!
“Welcome to my server. Would you like to own it?”
March 13th, 2006 at 9:12 am
Little follow-up…
This package was updated this morning:
Version 2.67ubuntu20:
* Tidy up after Malone bug #34606, which left passwords exposed in /var/log/installer/cdebconf/questions.dat, by removing those passwords when base-config runs; for good measure, make /var/log/installer/cdebconf/* world-unreadable if this bug is detected.
“Tidy up”? Let’s not under-react or anything!
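
A check for the two conditions described above (a password value left in questions.dat, and the file being world-readable), as an added example that is not part of the original post or of Ubuntu's fix. It assumes questions.dat consists of blank-line-separated stanzas with "Name:" and "Value:" fields and that password questions have "passw" in their name; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit installer debconf databases for leftover passwords.
# Assumption: stanzas are separated by blank lines and carry "Name:" and
# "Value:" fields; password questions contain "passw" in their name.

# Print the names of password-type questions that still carry a value.
# The value itself is never printed.
password_entries() {
    awk '
        /^Name:/ { name = $2 }
        /^Value:/ && tolower(name) ~ /passw/ && $2 != "" { hits = hits " " name }
        /^$/     { name = "" }
        END      { if (hits != "") print substr(hits, 2) }
    ' "$1"
}

# Succeed if the "other" read bit is set on the file.
world_readable() {
    [ -n "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# Verdict: EXPOSED (value stored and file world-readable), STORED (value
# still on disk but not world-readable), or OK (no password value left).
audit_file() {
    names=$(password_entries "$1")
    if [ -z "$names" ]; then
        echo "OK $1"
    elif world_readable "$1"; then
        echo "EXPOSED $1: $names"
    else
        echo "STORED $1: $names"
    fi
}

# With no arguments, check the two locations shown in the post. Run as
# root so that files already restricted to root are still inspected.
[ $# -gt 0 ] || set -- /var/log/installer/cdebconf/questions.dat \
                       /var/log/debian-installer/cdebconf/questions.dat
for f in "$@"; do
    if [ -r "$f" ]; then audit_file "$f"; fi
done
```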