Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Ubuntu 11.10 now unsecure by default
From: Cody Robertson <cody () hawkhost com>
Date: Thu, 17 Nov 2011 12:58:46 -0500

On 11/17/2011 12:50 PM, Mario Vilas wrote:
The guest account has no password, but it's not possible to login remotely with ssh.

On Thu, Nov 17, 2011 at 5:28 PM, Dave <mrx () propergander org uk <mailto:mrx () propergander org uk>> wrote:

    Hi,

    What is the password for this guest account?
    Is the password random generated?

    Is remote access of any kind enabled by default for this guest
    account?

    In what way is the guest account different from any of the half
    dozen or so other accounts(with the obvious exception of access
    rights)
    created during a default Ubuntu install?

    How insecure is it really?

    I am not an Ubuntu expert so these are genuine questions, I am far
    to busy to research this at this time so I ask these questions in
    the hope
    than an Ubuntu Guru comes forth and either allays all my/your/our
    fears(if they exist) or scares me/us into action.

    regards
    Dave




--
"There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people."



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

I haven't played with it but it appears they ship the guest account with a AppArmor profile to help lock down the session but it's just a normal user. I wonder even with the AppArmor stuff if the recent lightdm vulnerability would work.

http://www.ubuntu.com/usn/usn-1262-1/

-Cody
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault