xserver is left wide open during install.
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
ubiquity (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
** I noticed this on Intrepid, but Jaunty might be the same. 8.04 SHOULD also be fixed if it turns out to be vulnerable.
The Xserver is left unprotected during the install.
The consequences are that someone could connect and trace keystrokes, possibly catching a password. Another way to exploit this would be to connect, and pop up a convincing: 'we need your password to finish the installation' or something like that.
I have a script on another computer that will create a popup on my workstation when something happens. I had the popup on the "installation is finished, click here to reboot".
This was on an 8.10 (intrepid) install, I haven't checked how jaunty fares.
(the story goes, that it took much longer to download and install the patches for XP than it took on average for an "out of the box" XP system to get infected.)
affects: xorg (Ubuntu) → xorg-server (Ubuntu)
affects: xorg-server (Ubuntu) → ubiquity (Ubuntu)
Changed in ubiquity (Ubuntu):
importance: Undecided → Low
status: Incomplete → Confirmed
Thanks for your report! Can you provide detailed steps for how to reproduce this issue? Thanks!