Haha nice one Ubuntu

Thread: Haha nice one Ubuntu

  1. #1
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Haha nice one Ubuntu

    Well, since Ubuntu seems to have more steam than a tea kettle, I'll point this out:

    http://lxer.com/module/newswire/view/55975/index.html

    Cute.....EVERY USER ON THE SYSTEM CAN SEE EVERY USER NAME AND PASSWORD ON THE SYSTEM... Not that I use Ubuntu, I've installed it and looked at it and decided this no root but you can sudo to anything WITHOUT a passwd wasn't for me so I put Slackware and FreeBSD on that box.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  2. #2
    Banned
    Join Date
    Mar 2006
    Posts
    78
    While I may be mistaken, you can see every user name in the /etc/passwd file. As for the password. I find that a bit much. But, since I haven't played with Ubuntu I can't say if it is as retarded as it sounds. Some of the most ass-backwards security measures effectively secure a system. When I get some more time today I will take some time and read over the entire site. But, for now it's workout time.
    *Yea... Burn those calories.*

  3. #3
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    Badger Badger Badger Badger Cleartext password password !
    Badger Badger Badger Badger Cleartext password password !
    Badger Badger Badger Badger Cleartext password password !
    Badger Badger Badger Badger Cleartext password password !

    A patch, a patch.. a yeah.. there's a patch !!


    @House929: It was in the file /var/log/installer/cdebconf/questions.dat readable by anyone..
    It is the installation log that contains either a sudo password or the root password (depending on your installation choices)..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !
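
A check for the condition described in the post above, as an added example that is not part of the thread: it reports world-readable files under a log directory that still hold an answered password question, without printing the value. The stanza layout, the question names and all function names are assumptions, and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes cdebconf stores answers as
# "Name:" / "Value:" stanzas and that password questions have names ending
# in "password" or "password-again".

# Constructed sample (not a real log): one answered, one cleared question.
make_sample() {
    mkdir -p "$1/cdebconf"
    cat > "$1/cdebconf/questions.dat" <<'EOF'
Name: passwd/user-password
Template: passwd/user-password
Value: CONSTRUCTED-EXAMPLE

Name: passwd/user-password-again
Template: passwd/user-password-again
Value:

Name: passwd/username
Template: passwd/username
Value: demo
EOF
    chmod -R a+rX "$1"   # reproduce the "readable by anyone" condition
}

# Names of password questions in FILE that still have a value.
# The value itself is never printed.
answered_password_questions() {
    awk '/^Name:/  { name = $2 }
         /^Value:/ { if (name ~ /password(-again)?$/ && NF > 1)
                         hits = hits (hits ? "," : "") name }
         /^$/      { name = "" }
         END       { if (hits) print hits }' "$1"
}

# World-readable files under DIR that hold an answered password question.
audit_installer_logs() {
    find "$1" -type f -perm -o=r | while IFS= read -r f; do
        hits=$(answered_password_questions "$f")
        if [ -n "$hits" ]; then printf '%s: %s\n' "$f" "$hits"; fi
    done
}

demo=$(mktemp -d)
make_sample "$demo"
audit_installer_logs "$demo"   # flags questions.dat
chmod -R go-rwx "$demo"        # owner-only, as for a root-owned log
audit_installer_logs "$demo"   # flags nothing
rm -rf "$demo"
```

On an affected machine the same function would be pointed at /var/log/installer, run as root.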

  4. #4
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    I'm surprised they missed that - and the file was readable by anyone..

    I haven't had a chance to look at it - but if it's the installation log, then why does the patch advise you to upgrade base-config and passwd, rather than simply removing the log? LXer also says that it contains the results of the installation questions, so I don't see why upgrading the packages would resolve the problem..

    Cheers,

    -jk
    TAZForum <---- click

  5. #5
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Originally posted here by House929
    While I may be mistaken, you can see every user name in the /etc/passwd file. As for the password. I find that a bit much. But, since I haven't played with Ubuntu I can't say if it is as retarded as it sounds. Some of the most ass-backwards security measures effectively secure a system. When I get some more time today I will take some time and read over the entire site. But, for now it's workout time.
    *Yea... Burn those calories.*
    Speaking of calories and health, how about checking out SALTS for /etc/passwd



    Jinx..... No you did not just sing the badger song about Linux......

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914

    Re: Haha nice one Ubuntu

    Originally posted here by gore
    Well, since Ubuntu seems to have more steam than a tea kettle, I'll point this out:

    http://lxer.com/module/newswire/view/55975/index.html

    Cute.....EVERY USER ON THE SYSTEM CAN SEE EVERY USER NAME AND PASSWORD ON THE SYSTEM... Not that I use Ubuntu, I've installed it and looked at it and decided this no root but you can sudo to anything WITHOUT a passwd wasn't for me so I put Slackware and FreeBSD on that box.
    You did blow this a little outta proportion Gore, as Jinx mentioned only one password was visible.. and you know what... I set up all my installs with the sudo option and I've gone through the three Ubuntu boxes that I have (before installing the update that "fixes" this) and I couldn't find any passwords..

    Anyone who thinks first and then installs avoided this problem..

    What I do is let it install sudo access.... Then I use sudo to password protect my root account with my own password.. voila, this whole problem is avoided...

    Also root, by default has no remote access and no X-Windows access (if I remember correctly)... as I've seen a number of complaints about both... although I usually give root full access on my machines because they aren't available to the public.. and in this case this has to be locally exploited... or the person has to already have access to your system...

    If the person is local... we know you're already beaten

    If they have access and you didn't secure the box to prevent them from accessing the location where the file was stored... well... you should be locking down your box better if you don't trust your users..

    Big hole yes... big problem.. no... Not if you compute intelligently... Also it was fixed rather quickly when reported...

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  7. #7
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    But what if your password really was #######? Would you have picked it up?
    ----------------------------------------------------------------------------------------------------------
    "If I'd asked my customers what they wanted, they'd have said a faster horse." ~ Henry Ford

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Not sure I follow everyone here on this one. I'm running Ubuntu, and yes indeed, there's my password 95% of the way through the aforementioned log. Can't I just edit the log, deleting or changing the password?

    Thanks.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #9
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    There is supposed to be a patch,

  10. #10
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Yes sir, Mr. Gore, I understand.

    I'm not as up to speed on admin'ing linux systems as I'd like, just checked the Update Mgr which told me the system was up-to-date. Reloaded the Update Mgr., and lo-and-behold, here come the warm jets. Tankee.

    Very good!
