Huge security problem with Breezy
Mike Hudson
mike.hudson at gmail.com
Mon Mar 13 03:19:21 UTC 2006
I apologize if this is not the right forum for this issue, but I
think it's pretty important -- Every Ubuntu user should be warned.
http://www.ubuntuforums.org/showthread.php?t=143334
Users have reported Breezy Kubuntu and Ubuntu both have this problem.
Users report that the password they created when they installed
Breezy Ubuntu/Kubuntu is in plain text in the file below:
/var/log/installer/cdebconf/questions.dat
The file is world readable, so anybody that could log in locally,
remotely, or put executable script files on your Ubuntu/Kubuntu box
could have read your password.
Make sure to delete this file as soon as possible, and change your
password.
I imagine that this would only affect you if you installed from
Breezy. If you installed from Hoary and upgraded to Breezy, you
probably wouldn't have the problem.
Best Regards,
Michael Hudson
More information about the kubuntu-users
mailing list