[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Ubuntu 11.10 now unsecure by default

On 11/17/2011 12:50 PM, Mario Vilas wrote:
The guest account has no password, but it's not possible to login remotely with ssh.
On Thu, Nov 17, 2011 at 5:28 PM, Dave <mrx@xxxxxxxxxxxxxxxxxxx <mailto:mrx@xxxxxxxxxxxxxxxxxxx>> wrote: 

    Hi,

    What is the password for this guest account?
    Is the password random generated?

    Is remote access of any kind enabled by default for this guest
    account?

    In what way is the guest account different from any of the half
    dozen or so other accounts(with the obvious exception of access
    rights)
    created during a default Ubuntu install?

    How insecure is it really?

    I am not an Ubuntu expert so these are genuine questions, I am far
    to busy to research this at this time so I ask these questions in
    the hope
    than an Ubuntu Guru comes forth and either allays all my/your/our
    fears(if they exist) or scares me/us into action.

    regards
    Dave




--
"There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people." 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I haven't played with it but it appears they ship the guest account with a AppArmor profile to help lock down the session but it's just a normal user. I wonder even with the AppArmor stuff if the recent lightdm vulnerability would work. 

http://www.ubuntu.com/usn/usn-1262-1/

-Cody

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/