Escalate a Ubunutu User To Root in Breezy

Posted on March 13, 2006
Filed Under /dev/null/ | 63 views |

Evidently the Ubuntu Breezy Badger installer doesn’t properly clean up its log files after installation thus leaving the root password in cleartext in a file any user on the system can read. As a result of this, any user on a Breezy system can escalate themselves to root. Not a big deal if you’re using Ubuntu as your personal machine and you only have your own account but this is a huge deal in a multi-user environment.

IMO there are actually three things wrong here: 1. the log file is not cleaned up after installation. 2. that any password is stored in a file readable by all users, 3. that the root password is stored in a log file at all.

Fortunately there’s already a patch available. You should probably update your Breezy Badger (5.10) install now as this vulnerability has since made the front page of /. and digg.

Comments

Leave a Reply

About

This is an area on your website where you can add text. This will serve as an informative location on your website, where you can talk about your site.
Search
Admin
- Log in
- Wordpress
- XHTML

Escalate a Ubunutu User To Root in Breezy

Comments

The Other Blog (for geeks)

Pages

Recent Posts

Software

Stuff and Things

Categories

About

Search

Admin