Root Password Readable in Clear Text with Ubuntu
BBitmaster writes "An extremely critical bug and security threat was discovered in Ubuntu Breezy Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects the 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."
A thanks to Teotihacan for finding this. I'm sure that eventually several sysadmins would have failed security audits because of this. -- Jim http://www.runfatboy.net/
A patch in 2 hours for a massive security hole in an OS, on a Sunday as mentioned earlier. Class, let's do a comparison:
:P
Ubuntu devs fix a massive hole in a few hours, tops
Microsoft devs fix a massive hole (WMF security bug) in two weeks-ish...
Which group put more people at risk and why? I want a 5000 word essay by this Thursday explaining your views.
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
On a side note - this is pretty bad - sure a lot of people are going to say this is local privilege escalation only, but combined with any other exploit, this allows an attacker root access.
This is the reason I use Debian for anything serious....