2) On Ubuntu systems, the root account is locked, so there is no root password. The vulnerability was that the initial user's password was logged, and the initial user has full sudo rights. While this is still a serious vulnerability, it is not as "plain, simple, stupid" as a root password on disk.
1) Ubuntu, not Ubuntnu
2) On Ubuntu systems, the root account is locked, so there is no root password. The vulnerability was that the initial user's password was logged, and the initial user has full sudo rights. While this is still a serious vulnerability, it is not as "plain, simple, stupid" as a root password on disk.
Thanks,
Jeff Waugh
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/161/792#792