*** This bug is a security vulnerability ***

Public security bug reported:

I might have found a security flaw with the root account in Ubuntu 9.04,
even though the root account is disabled through the gdm login screen.
By using the method I am describing, someone or an attacker can put a
password on the root account or enable it, and then also change it to the
option to allow the root account to log in at the gdm screen. Then the
computer could be compromised, all because of the root account.

1. Right-click the Fast user switch applet
2. Click edit users and groups
3. In the user settings box click on unlock and enter the sudo password.
4. Then with the root account visible click on the root account and click on 
properties.
5. Then on the account tab under the password section click on the radio button 
that says set password by hand.
6. Enter a password for the user password and for the confirmation then click 
OK.
7. Open up a terminal window and then type su then type the password you 
created in the previous steps.
8. Then you should be logged in as root in terminal and then the root account 
for the computer would be enabled.

I am using:

gnome 2.26.1
Ubuntu 9.04 32-bit
Linux kernel 2.6.28-13-generic
fast user switch applet 2.24.0

Thank you, Computerguy

** Affects: ubuntu
     Importance: Undecided
         Status: New


** Tags: account flaw root security ubuntu

** Visibility changed to: Public

-- 
Security flaw with fast user switch applet 2.24.0 using ubuntu 9.04
https://bugs.launchpad.net/bugs/397947
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
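
A defender-side check for the outcome the report describes (a password set on the root account), as an added example that is not part of the original bug report: it classifies the password field of a shadow(5) entry so an audit can tell a locked root from one that accepts a password. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of one account in a
# shadow(5)-format file. Reading the real /etc/shadow requires root.
#
# account_pw_state USER [FILE]   FILE defaults to /etc/shadow, "-" = stdin
# Prints one of: locked | no-password | password-set | missing
account_pw_state() {
    user=$1
    file=${2:-/etc/shadow}
    awk -F: -v u="$user" '
        $1 == u {
            found = 1
            if ($2 == "")          print "no-password"    # empty field
            else if ($2 ~ /^[!*]/) print "locked"         # "!" or "*" prefix
            else                   print "password-set"   # usable hash
            exit
        }
        END { if (!found) print "missing" }
    ' "$file"
}

# Exit status 0 only when root cannot authenticate with a password,
# so the function can gate a cron job or a configuration audit.
root_is_locked() {
    [ "$(account_pw_state root "${1:-/etc/shadow}")" = "locked" ]
}

# Constructed sample entries (not real hashes): root locked, and root
# after a password has been set by hand as in the reported steps.
sample_default='root:!:14440:0:99999:7:::'
sample_enabled='root:$6$constructedsalt$constructedhash:14441:0:99999:7:::'

for entry in "$sample_default" "$sample_enabled"; do
    printf '%s\n' "$entry" | account_pw_state root -
done
```

Run against the live system as `sudo sh -c '. ./check.sh; root_is_locked'`, where `check.sh` is a hypothetical file name for the block above.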
