Ubuntu, as you all should know, isn’t my preferred operating system. It’s very nice for Linux beginners and may save some manual work on private machines, but when I heard about the current bug I was very confused about why we still have to use Ubuntu in our PC pools, why some work groups are so emphatic about this system, and why we have to administer their servers and local machines with Ubuntu.
I’m still wondering why ordinary users on Ubuntu systems can read all log files or the shadow file out of the box. That is not the kind of security I’m dreaming about ;)
The actual bug is very simple (via):
Now you own the shadow file and are able to modify root’s passphrase! It’s just too easy…
By the way, I tried it myself and got a funny message:
And my friend Rumpel also tried this exploit, and after lunch I just heard him saying
fuck, bolted out, by myself...
not able to disable his screensaver. Maybe he changed a little bit too much in his shadow file!? ;)
Fortunately, the patch has been released, so have a lot of fun updating your systems. You should reboot after the update; otherwise the bug is still enabled…
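
A quick way to check whether a machine still carries the result of this bug (a shadow file owned by an ordinary user) or the loose read permissions complained about above. This is an added example, not part of the original post; the function name `audit_sensitive_file` and the expected defaults (root:shadow, no access for others, as on Debian/Ubuntu) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag a sensitive file whose
# owner, group or mode is looser than expected. Assumes GNU stat (coreutils).
# Defaults match the Debian/Ubuntu layout for /etc/shadow: root:shadow, 0640.

# audit_sensitive_file FILE [OWNER] [ALLOWED_GROUPS]
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 if stat fails.
audit_sensitive_file() {
    asf_file=$1
    asf_owner=${2:-root}
    asf_groups=${3:-"root shadow"}
    asf_rc=0

    asf_meta=$(stat -c '%U %G %a' -- "$asf_file" 2>/dev/null) || {
        echo "$asf_file: cannot stat"
        return 2
    }
    read -r owner group mode <<EOF
$asf_meta
EOF

    # The state the post describes: the file ends up owned by a normal user.
    if [ "$owner" != "$asf_owner" ]; then
        echo "$asf_file: owned by $owner, expected $asf_owner"
        asf_rc=1
    fi
    case " $asf_groups " in
        *" $group "*) ;;
        *) echo "$asf_file: group is $group, expected one of: $asf_groups"; asf_rc=1 ;;
    esac
    # Any permission bit for "other", or write access for the group, is too loose.
    if [ $(( 0$mode & 007 )) -ne 0 ]; then
        echo "$asf_file: mode $mode grants access to all users"
        asf_rc=1
    fi
    if [ $(( 0$mode & 020 )) -ne 0 ]; then
        echo "$asf_file: mode $mode is group-writable"
        asf_rc=1
    fi
    return "$asf_rc"
}

# Audit every path given on the command line, e.g.: sh audit.sh /etc/shadow
for asf_path in "$@"; do
    audit_sensitive_file "$asf_path" || true
done
```

Running it against `/etc/shadow` after the update and reboot shows whether ownership was left changed by an earlier attempt; the patch itself does not necessarily restore it.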