ubuntu 5.10 (breezy) installer log security hole...
okay, for those who haven't heard, there is a major security hole in ubuntu 5.10.
the hole is that ubuntu's installer logs contain the root password in plaintext.
the logs can be found in /var/log/cdebconf/questions.dat.
all you need do is simply delete this file...however it would be in your best interest to make sure any superfluous copies are delete, and a secure wipe of all the free space on your computer's hard drives be done as well.
doing a sudo grep -r /var might be a good idea too.
now, according to digg, OSNews, and the Ubuntuforums, this ONLY affects version 5.10...Dapper is confirmed unaffected, and there hasn't been any complaints from Hoary users yet.
the hole is that ubuntu's installer logs contain the root password in plaintext.
the logs can be found in /var/log/cdebconf/questions.dat.
all you need do is simply delete this file...however it would be in your best interest to make sure any superfluous copies are delete, and a secure wipe of all the free space on your computer's hard drives be done as well.
doing a sudo grep -r
now, according to digg, OSNews, and the Ubuntuforums, this ONLY affects version 5.10...Dapper is confirmed unaffected, and there hasn't been any complaints from Hoary users yet.
