2006-03-12 14:53:38 |
karl |
bug |
|
|
added bug |
2006-03-12 15:02:08 |
karl |
bug |
|
|
assigned to Nexenta OS |
2006-03-12 15:03:36 |
karl |
None: statusexplanation |
|
|
|
2006-03-12 18:35:40 |
OffHand |
None: status |
Unconfirmed |
Confirmed |
|
2006-03-12 18:35:40 |
OffHand |
None: priority |
|
High |
|
2006-03-12 18:36:02 |
OffHand |
None: severity |
Normal |
Critical |
|
2006-03-12 19:53:09 |
Colin Watson |
None: assignee |
|
kamion |
|
2006-03-12 19:53:09 |
Colin Watson |
None: statusexplanation |
|
I don't see how this is happening, because we deliberately db_set those questions to empty after retrieving the password to avoid this problem. Nevertheless, I'll investigate at the earliest opportunity, and probably release a base-config update that gets rid of those fields. |
|
2006-03-12 23:11:10 |
Ubuntu User |
None: status |
Unconfirmed |
Confirmed |
|
2006-03-12 23:11:10 |
Ubuntu User |
None: priority |
|
High |
|
2006-03-12 23:11:10 |
Ubuntu User |
None: severity |
Normal |
Critical |
|
2006-03-12 23:11:10 |
Ubuntu User |
None: statusexplanation |
|
|
|
2006-03-12 23:17:32 |
Colin Watson |
None: status |
Confirmed |
Rejected |
|
2006-03-12 23:17:32 |
Colin Watson |
None: statusexplanation |
|
We don't need multiple Ubuntu tasks for this bug; the shadow one will do, since that's where the bulk of the bug fix resides, and where at least part of the bug was caused in the first place.
And yes, more confirmation of this bug isn't needed now that I (installer maintainer) have confirmed it myself and uploaded security patches, but thanks all the same. :-) |
|
2006-03-13 14:51:11 |
Colin Watson |
shadow: status |
Confirmed |
In Progress |
|
2006-03-13 14:51:11 |
Colin Watson |
shadow: statusexplanation |
I don't see how this is happening, because we deliberately db_set those questions to empty after retrieving the password to avoid this problem. Nevertheless, I'll investigate at the earliest opportunity, and probably release a base-config update that gets rid of those fields. |
So, here's the set of stuff that I've released so far for this bug.
Breezy security updates:
shadow (1:4.0.3-37ubuntu8) breezy-security; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords;
for good measure, make /var/log/installer/cdebconf/* world-unreadable if
this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 21:43:40 +0000
base-config (2.67ubuntu20) breezy-security; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords
when base-config runs; for good measure, make
/var/log/installer/cdebconf/* world-unreadable if this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 22:28:05 +0000
shadow deals with upgraders, and base-config deals with people doing fresh installs from CD images they've built themselves from breezy + breezy-security (which is more of a corner case, but it won't be obvious to most people why the shadow fix can't cover fresh installs).
Dapper:
shadow (1:4.0.13-7ubuntu2) dapper; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords;
for good measure, make /var/log/installer/cdebconf/* world-unreadable if
this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 22:45:32 +0000
This mirrors the breezy-security change. There's no base-config change because base-config is no longer used in Dapper, and since this bug only manifests in some very strange circumstances in Dapper it's not necessary to do that kind of post-install cleanup there.
cdebconf (0.97ubuntu2) dapper; urgency=low
* Backport from trunk:
- Honour accept_types/reject_types for questions registered against
templates that were received in DATA commands over passthrough. This
was one of the root causes of Ubuntu's recent installer password
disclosure vulnerability (CVE-2006-1183).
-- Colin Watson <cjwatson@ubuntu.com> Mon, 13 Mar 2006 02:08:16 +0000
This fixes one of the two fundamental issues that caused this bug. (The other was in initial-passwd-udeb, which Dapper no longer uses, which is part of the reason it largely doesn't suffer from this.)
cdebconf (0.97ubuntu3) dapper; urgency=low
* Backport from trunk:
- Reset question template pointers whenever they change, not just when
the tag changes; do this in X_LOADTEMPLATEFILE and dpkg-reconfigure as
well as debconf-loadtemplate.
- Add a remove method to the question database; use this to migrate
questions to the correct stacked database in the event that their
types change (fixes preseeded passwords ending up in questions.dat on
the installed system in some cases).
* Add CVE number to 0.97ubuntu2 changelog entry.
-- Colin Watson <cjwatson@ubuntu.com> Mon, 13 Mar 2006 13:43:30 +0000
This fixes a more subtle issue, namely that preseeded installs of Dapper where the preseed file had incorrect types for the password questions (that is, any type other than "password") would finish up with the preseeded password in /var/log/installer/cdebconf/questions.dat. We need a debian-installer upload for these cdebconf changes to take effect, which I'm going to do shortly.
Finally, changes from Debian to installation-report and prebaseconfig for Dapper are waiting in the wings to make all the installation logs readable by root only. |
|
2006-03-14 12:03:50 |
Mantas Kriaučiūnas |
bug |
|
|
assigned to Baltix |
2006-06-29 03:48:06 |
John Vivirito |
shadow: status |
In Progress |
Fix Released |
|
2006-06-29 03:48:06 |
John Vivirito |
shadow: statusexplanation |
So, here's the set of stuff that I've released so far for this bug.
Breezy security updates:
shadow (1:4.0.3-37ubuntu8) breezy-security; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords;
for good measure, make /var/log/installer/cdebconf/* world-unreadable if
this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 21:43:40 +0000
base-config (2.67ubuntu20) breezy-security; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords
when base-config runs; for good measure, make
/var/log/installer/cdebconf/* world-unreadable if this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 22:28:05 +0000
shadow deals with upgraders, and base-config deals with people doing fresh installs from CD images they've built themselves from breezy + breezy-security (which is more of a corner case, but it won't be obvious to most people why the shadow fix can't cover fresh installs).
Dapper:
shadow (1:4.0.13-7ubuntu2) dapper; urgency=low
* Tidy up after Malone bug #34606, which left passwords exposed in
/var/log/installer/cdebconf/questions.dat, by removing those passwords;
for good measure, make /var/log/installer/cdebconf/* world-unreadable if
this bug is detected.
-- Colin Watson <cjwatson@ubuntu.com> Sun, 12 Mar 2006 22:45:32 +0000
This mirrors the breezy-security change. There's no base-config change because base-config is no longer used in Dapper, and since this bug only manifests in some very strange circumstances in Dapper it's not necessary to do that kind of post-install cleanup there.
cdebconf (0.97ubuntu2) dapper; urgency=low
* Backport from trunk:
- Honour accept_types/reject_types for questions registered against
templates that were received in DATA commands over passthrough. This
was one of the root causes of Ubuntu's recent installer password
disclosure vulnerability (CVE-2006-1183).
-- Colin Watson <cjwatson@ubuntu.com> Mon, 13 Mar 2006 02:08:16 +0000
This fixes one of the two fundamental issues that caused this bug. (The other was in initial-passwd-udeb, which Dapper no longer uses, which is part of the reason it largely doesn't suffer from this.)
cdebconf (0.97ubuntu3) dapper; urgency=low
* Backport from trunk:
- Reset question template pointers whenever they change, not just when
the tag changes; do this in X_LOADTEMPLATEFILE and dpkg-reconfigure as
well as debconf-loadtemplate.
- Add a remove method to the question database; use this to migrate
questions to the correct stacked database in the event that their
types change (fixes preseeded passwords ending up in questions.dat on
the installed system in some cases).
* Add CVE number to 0.97ubuntu2 changelog entry.
-- Colin Watson <cjwatson@ubuntu.com> Mon, 13 Mar 2006 13:43:30 +0000
This fixes a more subtle issue, namely that preseeded installs of Dapper where the preseed file had incorrect types for the password questions (that is, any type other than "password") would finish up with the preseeded password in /var/log/installer/cdebconf/questions.dat. We need a debian-installer upload for these cdebconf changes to take effect, which I'm going to do shortly.
Finally, changes from Debian to installation-report and prebaseconfig for Dapper are waiting in the wings to make all the installation logs readable by root only. |
I marked it as fix released due to the fix being released for a while now and neither breezy nor dapper have this issue any longer. |
|
2006-07-14 15:07:30 |
Colin Watson |
shadow: status |
Fix Released |
Fix Committed |
|
2006-07-14 15:07:30 |
Colin Watson |
shadow: statusexplanation |
I marked it as fix released due to the fix being released for a while now and neither breezy nor dapper have this issue any longer. |
I want this bug left at something other than fix-released until a breezy point release is made. |
|
2006-08-23 10:41:45 |
Matt Zimmerman |
shadow: status |
Fix Committed |
Fix Released |
|
2006-08-23 10:41:45 |
Matt Zimmerman |
shadow: statusexplanation |
I want this bug left at something other than fix-released until a breezy point release is made. |
|
|
2006-10-13 11:58:19 |
Mantas Kriaučiūnas |
None: status |
Unconfirmed |
In Progress |
|
2006-10-13 11:58:19 |
Mantas Kriaučiūnas |
None: assignee |
|
mantas |
|
2006-10-13 11:58:19 |
Mantas Kriaučiūnas |
None: statusexplanation |
|
|
|
2006-10-21 11:09:32 |
esmeri |
name |
|
esmeri |
|
2006-12-17 16:05:39 |
Christian Reis |
bug |
|
|
added subscriber Ubuntu Security Team |
2007-11-19 23:55:23 |
Kees Cook |
None: status |
In Progress |
Confirmed |
|
2007-12-11 21:12:11 |
Jamie Strandboge |
None: status |
New |
Incomplete |
|
2007-12-11 21:12:21 |
Jamie Strandboge |
None: status |
Confirmed |
Incomplete |
|
2007-12-11 22:08:03 |
Jamie Strandboge |
None: status |
Incomplete |
Fix Released |
|
2008-04-04 12:00:00 |
Jamie Strandboge |
None: status |
Incomplete |
Invalid |
|