root account has ! as default password
Bug #296841 reported by
Nick Barcet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
VMBuilder |
Fix Released
|
Undecided
|
Unassigned | ||
base-passwd (Ubuntu) |
Fix Released
|
Medium
|
Colin Watson | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Intrepid |
Invalid
|
Undecided
|
Unassigned | ||
Jaunty |
Fix Released
|
Medium
|
Colin Watson | ||
shadow (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge | ||
Dapper |
Fix Released
|
High
|
Jamie Strandboge | ||
Gutsy |
Fix Released
|
High
|
Jamie Strandboge | ||
Hardy |
Fix Released
|
High
|
Jamie Strandboge | ||
Intrepid |
Fix Released
|
High
|
Jamie Strandboge | ||
Jaunty |
Fix Released
|
High
|
Jamie Strandboge | ||
vm-builder (Ubuntu) |
Fix Released
|
Critical
|
Jamie Strandboge | ||
Dapper |
Invalid
|
Undecided
|
Unassigned | ||
Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
Hardy |
Invalid
|
Undecided
|
Unassigned | ||
Intrepid |
Fix Released
|
Critical
|
Jamie Strandboge | ||
Jaunty |
Fix Released
|
Critical
|
Jamie Strandboge |
Bug Description
Mathiaz reported that vm created for ec2 could be logged on to the root account using ! as a password
It was later verified that this problem could be reproduced on any vm generated by python-vm-builder and some version of ubuntu-vm-builder.
Security fix for uvb in hardy fixed this but was later on reverted in the version in -proposed
Test:
Create a vm using "sudo vmbuilder kvm ubuntu --addpkg openssh-server"
Start the VM
Log in using ssh root@vm with password !
Changed in vm-builder: | |
status: | New → Invalid |
status: | New → Invalid |
Changed in vm-builder: | |
status: | New → Invalid |
Changed in shadow: | |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → In Progress |
assignee: | nobody → jdstrand |
importance: | Undecided → High |
status: | New → In Progress |
Changed in shadow: | |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
status: | In Progress → Fix Committed |
Changed in vm-builder: | |
status: | In Progress → Fix Committed |
Changed in shadow: | |
status: | In Progress → Fix Committed |
status: | Fix Committed → In Progress |
Changed in vm-builder: | |
status: | In Progress → Fix Committed |
status: | Fix Committed → In Progress |
Changed in shadow: | |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | Fix Committed → Fix Released |
status: | In Progress → Fix Released |
Changed in vm-builder: | |
status: | In Progress → Fix Released |
Changed in shadow: | |
status: | Fix Released → Fix Committed |
status: | Fix Committed → Fix Released |
Changed in vm-builder: | |
status: | Fix Committed → Fix Released |
status: | Fix Released → In Progress |
Changed in vmbuilder: | |
status: | New → Fix Committed |
Changed in vm-builder: | |
status: | In Progress → Fix Released |
Changed in vmbuilder: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Will disable affected root passwords on vm-builder created systems via shadow.