[Bug 296841] [NEW] root account has ! as default password

Thu, 13 Nov 2008 19:53:35 -0800 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Jamie Strandboge 
(jdstrand):

Mathiaz reported that vm created for ec2 could be logged on to the root
account using ! as a password

It was later verified that this problem could be reproduced on any vm
generated by python-vm-builder and some version of ubuntu-vm-builder.

Security fix for uvb in hardy fixed this but was later on reverted in
the version in -proposed

Test:
 Create a vm using "sudo vmbuilder kvm ubuntu --addpkg openssh-server"
 Start the VM
 Log in using ssh [EMAIL PROTECTED] with password !

** Affects: vmbuilder
     Importance: Undecided
         Status: Fix Committed

** Affects: shadow (Ubuntu)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Committed

** Affects: vm-builder (Ubuntu)
     Importance: Critical
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: shadow (Ubuntu Dapper)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Released

** Affects: vm-builder (Ubuntu Dapper)
     Importance: Undecided
         Status: Invalid

** Affects: shadow (Ubuntu Gutsy)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Released

** Affects: vm-builder (Ubuntu Gutsy)
     Importance: Undecided
         Status: Invalid

** Affects: shadow (Ubuntu Hardy)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Released

** Affects: vm-builder (Ubuntu Hardy)
     Importance: Undecided
         Status: Invalid

** Affects: shadow (Ubuntu Intrepid)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Released

** Affects: vm-builder (Ubuntu Intrepid)
     Importance: Critical
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Released

** Affects: shadow (Ubuntu Jaunty)
     Importance: High
     Assignee: Jamie Strandboge (jdstrand)
         Status: Fix Committed

** Affects: vm-builder (Ubuntu Jaunty)
     Importance: Critical
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

-- 
root account has ! as default password
https://bugs.launchpad.net/bugs/296841
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to