The following effect may be a consequence of the same bug.
Distribution: Ubuntu 10.04
1) Create user1 ( with administrative privileges )
2) Create user2 ( without administrative privileges )
3) Logged as user2 set up a private directory, logout & login, create some files in ~/Private, logout.
4) Logged as user1 change user2 password.
5) Logged as user2 (using the new password defined by user1) you can access the /home/user2/Private directory and its contents.
The effect persists until you reboot.
Conclusion:
A privileged user can access private data from others (who recently have logged in and out ) by means of changing their password.
The following effect may be a consequence of the same bug.
Distribution: Ubuntu 10.04
1) Create user1 ( with administrative privileges )
2) Create user2 ( without administrative privileges )
3) Logged as user2 set up a private directory, logout & login, create some files in ~/Private, logout.
4) Logged as user1 change user2 password.
5) Logged as user2 (using the new password defined by user1) you can access the /home/user2/Private directory and its contents.
The effect persists until you reboot.
Conclusion:
A privileged user can access private data from others (who recently have logged in and out ) by means of changing their password.