Major Ubuntu Security Warning

riven · 13 Mar 2006 at 09:32

From slashdot:

"An extremely critical bug and security threat was discovered in Ubuntu Breezy
Badger 5.10 earlier today by a visitor on the Ubuntu Forums that allows anyone to read the root password simply by opening an installer log file. Apparently the installer fails to clean its log files and leaves them readable to all users. The bug has been fixed, and only affects The 5.10 Breezy Badger release. Ubuntu users, be sure to get the patch right away."

Solution
http://www.ubuntu.com/usn/usn-262-1

riven · 14 Mar 2006 at 19:49

JonRohan said:
Just imagine if something like this happened to Microsoft.

You mean like on windows where everyone has a root account by default :rolleyes:

riven · 14 Mar 2006 at 21:29

Yeah, it is a bit myth that linux doesn't have lots of vulnerabilities discovered, buts look at all the GLSA entries in a week. But the difference is most of them are fixed very quickly. Although there are still many things overlooked. Eg. gentoo contains no sane ulimits. This means a forkbomb (that can be written in one line of code) can bring a gentoo system down if the user hasn't set any ulimits. Of course then gentoo creators arn't willing to include ulimits by default, as most gentoo users wouldn't like this, as gentoo is about choice and setting your own config.

Major Ubuntu Security Warning

riven

riven

riven

riven

riven

riven