root account has ! as default password
Bug #296841 reported by
Nick Barcet
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| VMBuilder |
Fix Released
|
Undecided
|
Unassigned | ||
| base-passwd (Ubuntu) |
Fix Released
|
Medium
|
Colin Watson | ||
| Dapper |
Invalid
|
Undecided
|
Unassigned | ||
| Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Invalid
|
Undecided
|
Unassigned | ||
| Intrepid |
Invalid
|
Undecided
|
Unassigned | ||
| Jaunty |
Fix Released
|
Medium
|
Colin Watson | ||
| shadow (Ubuntu) |
Fix Released
|
High
|
Jamie Strandboge | ||
| Dapper |
Fix Released
|
High
|
Jamie Strandboge | ||
| Gutsy |
Fix Released
|
High
|
Jamie Strandboge | ||
| Hardy |
Fix Released
|
High
|
Jamie Strandboge | ||
| Intrepid |
Fix Released
|
High
|
Jamie Strandboge | ||
| Jaunty |
Fix Released
|
High
|
Jamie Strandboge | ||
| vm-builder (Ubuntu) |
Fix Released
|
Critical
|
Jamie Strandboge | ||
| Dapper |
Invalid
|
Undecided
|
Unassigned | ||
| Gutsy |
Invalid
|
Undecided
|
Unassigned | ||
| Hardy |
Invalid
|
Undecided
|
Unassigned | ||
| Intrepid |
Fix Released
|
Critical
|
Jamie Strandboge | ||
| Jaunty |
Fix Released
|
Critical
|
Jamie Strandboge | ||
Bug Description
Mathiaz reported that vm created for ec2 could be logged on to the root account using ! as a password
It was later verified that this problem could be reproduced on any vm generated by python-vm-builder and some version of ubuntu-vm-builder.
Security fix for uvb in hardy fixed this but was later on reverted in the version in -proposed
Test:
Create a vm using "sudo vmbuilder kvm ubuntu --addpkg openssh-server"
Start the VM
Log in using ssh root@vm with password !
| Changed in vm-builder: | |
| status: | New → Invalid |
| status: | New → Invalid |
| Changed in vm-builder: | |
| status: | New → Invalid |
| Changed in shadow: | |
| assignee: | nobody → jdstrand |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → jdstrand |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → jdstrand |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → jdstrand |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in shadow: | |
| status: | In Progress → Fix Committed |
| status: | In Progress → Fix Committed |
| status: | In Progress → Fix Committed |
| status: | In Progress → Fix Committed |
| Changed in vm-builder: | |
| status: | In Progress → Fix Committed |
| Changed in shadow: | |
| status: | In Progress → Fix Committed |
| status: | Fix Committed → In Progress |
| Changed in vm-builder: | |
| status: | In Progress → Fix Committed |
| status: | Fix Committed → In Progress |
| Changed in shadow: | |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
| status: | Fix Committed → Fix Released |
| status: | In Progress → Fix Released |
| Changed in vm-builder: | |
| status: | In Progress → Fix Released |
| Changed in shadow: | |
| status: | Fix Released → Fix Committed |
| status: | Fix Committed → Fix Released |
| Changed in vm-builder: | |
| status: | Fix Committed → Fix Released |
| status: | Fix Released → In Progress |
| Changed in vmbuilder: | |
| status: | New → Fix Committed |
| Changed in vm-builder: | |
| status: | In Progress → Fix Released |
| Changed in vmbuilder: | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.

Will disable affected root passwords on vm-builder created systems via shadow.