• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Ubuntu Linux Local Installation Password Disclosure Vulnerability

Ubuntu Linux is prone to a local password-disclosure vulnerability because the installation system improperly store clear-text passwords in world-readable files.

Exploiting this issue allows local attackers to access the user account that was created during the initial installation of Ubuntu. Since this user is granted 'sudo' access to the superuser account, this potentially allows local attackers to completely compromise affected computers.